dslreports logo
 
    All Forums Hot Topics Gallery
spc
Search similar:


uniqs
2152
GMLUSA
join:2012-02-17
West Hartford, CT

GMLUSA

Member

[Malware] Computer stops obeying the mouse but drives spin like

mbam-log-201···-33).txt
6,412 bytes
OTL.Txt
157,918 bytes
Extras.Txt
96,554 bytes
checkup.txt
926 bytes
  
My computer stops obeying clicks of the mouse or sometimes takes even longer than 5 min to respond. However, the drives keep spinning like crazy. If I disconnect from the network, things seem to work better. I am afraid my computer has been hijacked. I have run the tests and here are the logs:

BD did not leave a log. It said the computer was clean.

lilhurricane
Crunchin' For Cures
Numquam oblita
join:2003-01-11
Purple Zone

lilhurricane

Numquam oblita

MBAM

Malwarebytes Anti-Malware (Trial) 1.60.1.1000
www.malwarebytes.org

Database version: v2012.02.17.03

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 7.0.5730.13
1Gustavo :: GUSTAVOS [limited]

Protection: Enabled

2/17/2012 12:51:33 PM
mbam-log-2012-02-17 (12-51-33).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 642969
Time elapsed: 2 hour(s), 50 minute(s), 34 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 11
HKCR\CLSID\{147A976F-EEE1-4377-8EA7-4716E4CDD239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\Typelib\{D518921A-4A03-425E-9873-B9A71756821E} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\Interface\{CF54BE1C-9359-4395-8533-1657CF209CFE} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF1-072E-44CF-8957-5838F569A31D} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA1-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Detected: 1
HKCU\SOFTWARE\Microsoft\Internet Explorer\MenuExt\&Search| (Adware.Hotbar) -> Data: http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=GRfox000 -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 5
E:\Avatars\MyWebFaceSetup2.3.50.57.GRfox000.exe (Adware.MyWebSearch) -> Quarantined and deleted successfully.
E:\System Volume Information\_restore{557220F8-435B-4A6A-B267-B6A0E4589CC0}\RP1203\A0254992.exe (Adware.MyWebSearch) -> Quarantined and deleted successfully.
K:\Cosmi\Ecc\Template.dat (JokeApp.NotFunny) -> Quarantined and deleted successfully.
K:\OldEdriveBKUP\WINDOWS\SYSTEM\HLINK.DLL (Trojan.FakeMS) -> Quarantined and deleted successfully.
D:\Documents and Settings\1Gustavo\Desktop\Click to Find and Fix Errors.lnk (Rogue.Link) -> Quarantined and deleted successfully.

(end)
lilhurricane

lilhurricane to GMLUSA

Numquam oblita

to GMLUSA

OTL

OTL logfile created on: 2/17/2012 4:34:26 PM - Run 1
OTL by OldTimer - Version 3.2.32.0 Folder = D:\Documents and Settings\1Gustavo\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.25 Gb Total Physical Memory | 2.30 Gb Available Physical Memory | 70.71% Memory free
4.69 Gb Paging File | 3.49 Gb Available in Paging File | 74.48% Paging File free
Paging file location(s): D:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = D: | %SystemRoot% = D:\WINDOWS | %ProgramFiles% = D:\Program Files
Drive D: | 465.76 Gb Total Space | 325.62 Gb Free Space | 69.91% Space Free | Partition Type: NTFS
Drive E: | 74.51 Gb Total Space | 70.11 Gb Free Space | 94.09% Space Free | Partition Type: FAT32
Drive F: | 12.73 Gb Total Space | 10.37 Gb Free Space | 81.44% Space Free | Partition Type: NTFS
Drive K: | 465.76 Gb Total Space | 106.86 Gb Free Space | 22.94% Space Free | Partition Type: NTFS
Drive M: | 2794.49 Gb Total Space | 2785.72 Gb Free Space | 99.69% Space Free | Partition Type: NTFS

Computer Name: GUSTAVOS | User Name: 1Gustavo | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2012/02/17 16:33:20 | 000,584,192 | ---- | M] (OldTimer Tools) -- D:\Documents and Settings\1Gustavo\Desktop\OTL.exe
PRC - [2012/02/17 11:32:24 | 003,409,872 | ---- | M] (Acronis) -- D:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe
PRC - [2012/01/13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) -- D:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/01/13 14:53:18 | 000,460,872 | ---- | M] (Malwarebytes Corporation) -- D:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/12/25 08:10:30 | 000,296,056 | ---- | M] (RealNetworks, Inc.) -- D:\Program Files\Real\RealPlayer\Update\realsched.exe
PRC - [2011/11/14 19:47:28 | 000,670,792 | ---- | M] (Juniper Networks) -- D:\Program Files\Juniper Networks\Common Files\dsNcService.exe
PRC - [2011/08/20 21:35:10 | 005,729,328 | ---- | M] (Acronis) -- D:\Program Files\Common Files\Acronis\SyncAgent\syncagentsrv.exe
PRC - [2011/08/20 21:32:40 | 000,403,096 | ---- | M] (Acronis) -- D:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
PRC - [2011/08/20 21:32:36 | 000,808,704 | ---- | M] (Acronis) -- D:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
PRC - [2011/08/20 21:31:28 | 005,932,256 | ---- | M] (Acronis) -- D:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
PRC - [2011/08/19 04:26:50 | 000,450,848 | ---- | M] (Logitech Inc.) -- D:\Program Files\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe
PRC - [2011/08/12 12:19:40 | 000,680,984 | ---- | M] () -- D:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
PRC - [2011/08/12 12:18:42 | 000,205,336 | ---- | M] (Logitech Inc.) -- D:\Program Files\Logitech\LWS\Webcam Software\LWS.exe
PRC - [2011/08/12 12:18:30 | 000,265,240 | ---- | M] () -- D:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe
PRC - [2011/04/22 07:21:10 | 000,092,592 | ---- | M] (TomTom) -- D:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2011/04/16 19:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) -- D:\Program Files\Norton 360\Engine\5.2.0.13\ccsvchst.exe
PRC - [2011/03/09 11:18:06 | 001,060,864 | ---- | M] () -- D:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe
PRC - [2011/03/09 11:16:56 | 000,484,352 | ---- | M] () -- D:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe
PRC - [2011/03/09 11:09:54 | 003,986,944 | ---- | M] (Western Digital Technologies, Inc.) -- D:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
PRC - [2011/03/09 11:07:54 | 000,238,592 | ---- | M] (WDC) -- D:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
PRC - [2010/11/30 01:23:56 | 001,037,672 | ---- | M] (Symantec Corporation) -- D:\Program Files\Norton Utilities 15\Tools\SpeedDisk\SpeedDiskSrv.exe
PRC - [2010/11/30 01:23:56 | 000,406,888 | ---- | M] (Symantec Corporation) -- D:\Program Files\Norton Utilities 15\Tools\SpeedDisk\SpeedDiskSrvProxy.exe
PRC - [2010/11/30 01:23:44 | 001,029,480 | ---- | M] (Symantec Corporation) -- D:\Program Files\Norton Utilities 15\Tools\Disk Doctor\DiskDoctorSrv.exe
PRC - [2010/11/30 01:23:44 | 000,406,888 | ---- | M] (Symantec Corporation) -- D:\Program Files\Norton Utilities 15\Tools\Disk Doctor\DiskDoctorSrvProxy.exe
PRC - [2010/07/04 19:07:40 | 000,238,952 | ---- | M] (Teruten) -- D:\WINDOWS\system32\FsUsbExService.Exe
PRC - [2009/12/17 06:42:06 | 000,105,632 | ---- | M] (Corel) -- D:\Program Files\Common Files\Corel\Standby\Standby.exe
PRC - [2009/11/19 11:26:54 | 000,455,944 | ---- | M] () -- D:\Program Files\Flip Video\FlipShare\FlipShareService.exe
PRC - [2009/06/18 12:00:10 | 000,077,824 | ---- | M] (Avid Technology, Inc.) -- D:\Program Files\Digidesign\Drivers\MMERefresh.exe
PRC - [2009/02/05 10:51:12 | 000,388,768 | ---- | M] () -- D:\WINDOWS\system32\atwtusb.exe
PRC - [2009/01/13 10:10:32 | 003,161,760 | ---- | M] () -- D:\WINDOWS\system32\WTMKM.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\explorer.exe
PRC - [2007/07/24 11:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) -- d:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
PRC - [2007/03/06 10:35:02 | 000,198,168 | ---- | M] (InterVideo Inc.) -- D:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
PRC - [2007/03/03 13:48:28 | 000,067,056 | ---- | M] (Ulead Systems, Inc.) -- D:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
PRC - [2005/11/22 09:28:38 | 000,864,256 | ---- | M] (Sonic Solutions) -- D:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe
PRC - [2005/11/22 09:26:14 | 000,155,648 | ---- | M] (Sonic Solutions) -- D:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe
PRC - [2005/10/27 16:17:36 | 008,740,864 | ---- | M] (Intel Corporation) -- D:\Program Files\Intel Audio Studio\IntelAudioStudio.exe
PRC - [2004/04/28 14:02:22 | 000,042,496 | ---- | M] (Standard Microsystems Corp.) -- D:\Program Files\WDC\SetIcon.exe

[color=#E56717]========== Modules (No Company Name) ==========[/color]

MOD - [2012/01/11 23:49:02 | 017,403,904 | ---- | M] () -- D:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\2dac4fc006596760cd4988d0bfd52ff0\System.ServiceModel.ni.dll
MOD - [2012/01/11 23:46:54 | 000,771,584 | ---- | M] () -- D:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\3c272cad7afb127e2a2bdb8a5a808512\System.Runtime.Remoting.ni.dll
MOD - [2012/01/11 23:40:46 | 003,182,592 | ---- | M] () -- D:\WINDOWS\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
MOD - [2012/01/11 23:40:42 | 002,933,248 | ---- | M] () -- D:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2012/01/11 23:40:22 | 000,261,632 | ---- | M] () -- D:\WINDOWS\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
MOD - [2011/12/19 11:23:18 | 000,998,400 | ---- | M] () -- D:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Management\90b90e700e59d73d6d692cf74e1ba16e\System.Management.ni.dll
MOD - [2011/12/19 11:15:50 | 000,212,992 | ---- | M] () -- D:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\abef85f2fb8ba830eda73e2d12e8d41e\System.ServiceProcess.ni.dll
MOD - [2011/12/19 11:15:50 | 000,141,312 | ---- | M] () -- D:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\29d7091f6eab0ec61c4eb625ed221b73\System.Configuration.Install.ni.dll
MOD - [2011/12/19 11:15:39 | 000,627,712 | ---- | M] () -- D:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\69792bef8a100a055db88848836a7d88\System.EnterpriseServices.ni.dll
MOD - [2011/12/19 11:15:37 | 000,627,200 | ---- | M] () -- D:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Transactions\8efcd633af87989355382b5039f1b7df\System.Transactions.ni.dll
MOD - [2011/12/19 11:15:36 | 000,015,872 | ---- | M] () -- D:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualC\a140509b1342934fc5e58ae22ac9696c\Microsoft.VisualC.ni.dll
MOD - [2011/12/19 11:14:21 | 000,971,264 | ---- | M] () -- D:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\bce0720436dc6cb76006377f295ea365\System.Configuration.ni.dll
MOD - [2011/12/19 10:57:49 | 005,450,752 | ---- | M] () -- D:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\70cacc44f0b4257f6037eda7a59a0aeb\System.Xml.ni.dll
MOD - [2011/12/18 20:06:29 | 006,616,576 | ---- | M] () -- D:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data\ec323cf1df697cc0a45f67de685db90c\System.Data.ni.dll
MOD - [2011/12/18 20:00:25 | 007,950,848 | ---- | M] () -- D:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\af39f6e644af02873b9bae319f2bfb13\System.ni.dll
MOD - [2011/12/18 19:59:40 | 011,490,816 | ---- | M] () -- D:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\ca87ba84221991839abbe7d4bc9c6721\mscorlib.ni.dll
MOD - [2011/11/03 10:28:36 | 001,292,288 | ---- | M] () -- D:\WINDOWS\system32\quartz.dll
MOD - [2011/11/03 10:28:36 | 000,386,048 | ---- | M] () -- D:\WINDOWS\system32\qdvd.dll
MOD - [2011/08/22 15:47:44 | 000,336,408 | ---- | M] () -- D:\Program Files\Common Files\LogiShrd\LWSPlugins\LWS\Applets\CameraHelper\DevManagerCore.dll
MOD - [2011/08/20 21:37:40 | 000,018,784 | ---- | M] () -- D:\Program Files\Acronis\TrueImageHome\ti_managers_proxy_stub.dll
MOD - [2011/08/20 20:56:00 | 000,435,552 | ---- | M] () -- D:\Program Files\Acronis\TrueImageHome\Common\ulxmlrpcpp.dll
MOD - [2011/08/12 12:19:40 | 000,680,984 | ---- | M] () -- D:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
MOD - [2011/08/12 12:18:30 | 000,265,240 | ---- | M] () -- D:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe
MOD - [2011/03/09 11:29:38 | 000,886,272 | ---- | M] () -- D:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\System.Data.SQLite.dll
MOD - [2011/03/09 11:18:06 | 001,060,864 | ---- | M] () -- D:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe
MOD - [2011/03/09 11:16:56 | 000,484,352 | ---- | M] () -- D:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe
MOD - [2010/06/24 03:27:00 | 000,197,928 | ---- | M] () -- D:\Program Files\ManyCam\Bin\VideoSrc.dll
MOD - [2010/05/07 17:37:40 | 000,126,808 | ---- | M] () -- D:\Program Files\Logitech\LWS\Webcam Software\ImageFormats\QJpeg4.dll
MOD - [2010/05/07 17:37:40 | 000,027,480 | ---- | M] () -- D:\Program Files\Logitech\LWS\Webcam Software\ImageFormats\QGif4.dll
MOD - [2010/05/07 17:36:54 | 000,340,824 | ---- | M] () -- D:\Program Files\Logitech\LWS\Webcam Software\QTXml4.dll
MOD - [2010/05/07 17:35:56 | 007,954,776 | ---- | M] () -- D:\Program Files\Logitech\LWS\Webcam Software\QTGui4.dll
MOD - [2010/05/07 17:35:44 | 002,143,576 | ---- | M] () -- D:\Program Files\Logitech\LWS\Webcam Software\QTCore4.dll
MOD - [2009/11/19 11:26:54 | 000,455,944 | ---- | M] () -- D:\Program Files\Flip Video\FlipShare\FlipShareService.exe
MOD - [2009/11/19 11:26:12 | 002,174,976 | ---- | M] () -- D:\Program Files\Flip Video\FlipShare\Core.dll
MOD - [2009/11/19 11:18:16 | 000,708,608 | ---- | M] () -- D:\Program Files\Flip Video\FlipShare\qca2.dll
MOD - [2009/11/19 11:14:38 | 006,443,008 | ---- | M] () -- D:\Program Files\Flip Video\FlipShare\QtGui4.dll
MOD - [2009/11/19 11:14:38 | 000,356,352 | ---- | M] () -- D:\Program Files\Flip Video\FlipShare\QtXml4.dll
MOD - [2009/11/19 11:14:38 | 000,188,416 | ---- | M] () -- D:\Program Files\Flip Video\FlipShare\QtSql4.dll
MOD - [2009/11/19 11:14:36 | 001,581,056 | ---- | M] () -- D:\Program Files\Flip Video\FlipShare\QtCore4.dll
MOD - [2009/02/05 10:51:12 | 000,388,768 | ---- | M] () -- D:\WINDOWS\system32\atwtusb.exe
MOD - [2009/01/13 10:10:32 | 003,161,760 | ---- | M] () -- D:\WINDOWS\system32\WTMKM.exe
MOD - [2008/04/13 19:12:03 | 000,192,512 | ---- | M] () -- D:\WINDOWS\system32\qcap.dll
MOD - [2008/04/13 19:11:59 | 000,014,336 | ---- | M] () -- D:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/13 19:11:51 | 000,059,904 | ---- | M] () -- D:\WINDOWS\system32\devenum.dll
MOD - [2006/08/29 08:29:00 | 000,180,224 | ---- | M] () -- D:\WINDOWS\system32\ATWTINK.DLL
MOD - [2005/11/22 09:15:12 | 004,448,256 | ---- | M] () -- D:\Program Files\Common Files\Roxio Shared\DLLShared\ROXIPP4.dll

[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV - File not found [Auto | Stopped] -- -- (RoxWatch9)
SRV - File not found [On_Demand | Stopped] -- -- (RoxMediaDB9)
SRV - File not found [Disabled | Stopped] -- -- (RoxLiveShare9)
SRV - [2012/02/17 11:32:24 | 003,409,872 | ---- | M] (Acronis) [Auto | Running] -- D:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe -- (afcdpsrv)
SRV - [2012/01/13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- D:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/11/14 19:47:28 | 000,670,792 | ---- | M] (Juniper Networks) [Auto | Running] -- D:\Program Files\Juniper Networks\Common Files\dsNcService.exe -- (dsNcService)
SRV - [2011/08/20 21:35:10 | 005,729,328 | ---- | M] (Acronis) [Auto | Running] -- D:\Program Files\Common Files\Acronis\SyncAgent\syncagentsrv.exe -- (syncagentsrv)
SRV - [2011/08/20 21:32:36 | 000,808,704 | ---- | M] (Acronis) [Auto | Running] -- D:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2011/08/19 04:26:50 | 000,450,848 | ---- | M] (Logitech Inc.) [Auto | Running] -- D:\Program Files\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)
SRV - [2011/04/22 07:21:10 | 000,092,592 | ---- | M] (TomTom) [Auto | Running] -- D:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2011/04/20 00:30:40 | 000,169,264 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- D:\Program Files\Retrospect\Retrospect 7.7\rthlpsvc.exe -- (Retrospect Helper)
SRV - [2011/04/16 19:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) [Unknown | Running] -- D:\Program Files\Norton 360\Engine\5.2.0.13\ccSvcHst.exe -- (N360)
SRV - [2011/03/09 11:18:06 | 001,060,864 | ---- | M] () [Auto | Running] -- D:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe -- (WDFME)
SRV - [2011/03/09 11:16:56 | 000,484,352 | ---- | M] () [Auto | Running] -- D:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe -- (WDSC)
SRV - [2011/03/09 11:07:54 | 000,238,592 | ---- | M] (WDC) [Auto | Running] -- D:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe -- (WDDMService)
SRV - [2010/11/30 01:23:56 | 001,037,672 | ---- | M] (Symantec Corporation) [Auto | Running] -- D:\Program Files\Norton Utilities 15\Tools\SpeedDisk\SpeedDiskSrv.exe -- (SpeedDiskService)
SRV - [2010/11/30 01:23:44 | 001,029,480 | ---- | M] (Symantec Corporation) [Auto | Running] -- D:\Program Files\Norton Utilities 15\Tools\Disk Doctor\DiskDoctorSrv.exe -- (DiskDoctorService)
SRV - [2010/07/04 19:07:40 | 000,238,952 | ---- | M] (Teruten) [Auto | Running] -- D:\WINDOWS\system32\FsUsbExService.Exe -- (FsUsbExService)
SRV - [2009/11/19 11:26:54 | 000,455,944 | ---- | M] () [Auto | Running] -- D:\Program Files\Flip Video\FlipShare\FlipShareService.exe -- (FlipShare Service)
SRV - [2009/10/14 18:59:54 | 000,099,688 | R--- | M] (Sony Corporation) [On_Demand | Stopped] -- D:\WINDOWS\system32\IcdSptSv.exe -- (ICDSPTSV)
SRV - [2009/06/18 12:00:10 | 000,077,824 | ---- | M] (Avid Technology, Inc.) [Auto | Running] -- D:\Program Files\Digidesign\Drivers\MMERefresh.exe -- (DigiRefresh)
SRV - [2009/06/18 11:24:42 | 000,159,744 | ---- | M] (Avid Technology, Inc.) [On_Demand | Stopped] -- D:\Program Files\Digidesign\Pro Tools\digiSPTIService.exe -- (digiSPTIService)
SRV - [2009/02/05 10:51:12 | 000,388,768 | ---- | M] () [Auto | Running] -- D:\WINDOWS\System32\atwtusb.exe -- (WTService)
SRV - [2007/07/24 11:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Running] -- d:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2007/03/06 10:35:02 | 000,198,168 | ---- | M] (InterVideo Inc.) [Auto | Running] -- D:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe -- (Capture Device Service)
SRV - [2007/03/03 13:48:28 | 000,067,056 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- D:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)
SRV - [2005/11/22 09:29:52 | 000,233,472 | ---- | M] (Sonic Solutions) [Disabled | Stopped] -- D:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxLiveShare.exe -- (RoxLiveShare)
SRV - [2005/11/22 09:28:38 | 000,864,256 | ---- | M] (Sonic Solutions) [On_Demand | Running] -- D:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe -- (RoxMediaDB)
SRV - [2005/11/22 09:26:14 | 000,155,648 | ---- | M] (Sonic Solutions) [Auto | Running] -- D:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe -- (RoxWatch)
SRV - [2005/11/21 22:47:56 | 000,045,056 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- D:\Program Files\Common Files\Roxio Shared\SharedCom\RoxUpnpRenderer.exe -- (RoxUPnPRenderer)
SRV - [2005/11/21 22:47:10 | 000,409,600 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- D:\Program Files\Roxio\Easy Media Creator 8\Digital Home\RoxUpnpServer.exe -- (RoxUpnpServer)
SRV - [2000/05/24 14:20:36 | 000,015,360 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- D:\WINDOWS\system32\ATMsrvc.exe -- (ATMsrvc)

[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - [2012/02/17 11:32:32 | 000,234,752 | ---- | M] (Acronis) [File_System | On_Demand | Running] -- D:\WINDOWS\system32\drivers\afcdp.sys -- (afcdp)
DRV - [2012/02/17 11:31:48 | 000,766,208 | ---- | M] (Acronis) [Kernel | Boot | Running] -- D:\WINDOWS\system32\DRIVERS\tdrpman.sys -- (tdrpman)
DRV - [2012/02/17 11:31:32 | 000,609,760 | ---- | M] (Acronis) [Kernel | Boot | Running] -- D:\WINDOWS\system32\DRIVERS\timntr.sys -- (timounter)
DRV - [2012/02/17 11:30:56 | 000,126,112 | ---- | M] (Acronis) [Kernel | Boot | Running] -- D:\WINDOWS\system32\DRIVERS\vididr.sys -- (vididr)
DRV - [2012/02/17 11:30:51 | 000,084,512 | ---- | M] (Acronis) [Kernel | Boot | Running] -- D:\WINDOWS\system32\DRIVERS\vsflt58.sys -- (vidsflt58) Acronis Disk Storage Filter (58)
DRV - [2012/02/17 11:30:30 | 000,076,768 | ---- | M] (Acronis) [Kernel | Boot | Running] -- D:\WINDOWS\system32\DRIVERS\fltsrv.sys -- (fltsrv)
DRV - [2012/02/04 07:44:55 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- D:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2012/02/04 07:44:55 | 000,106,104 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- D:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011/12/23 20:58:18 | 000,020,032 | ---- | M] (Devguru Co., Ltd) [Kernel | On_Demand | Stopped] -- D:\WINDOWS\system32\drivers\dgderdrv.sys -- (dgderdrv)
DRV - [2011/12/20 02:39:28 | 000,100,368 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\AtihdXP3.sys -- (AtiHDAudioService)
DRV - [2011/12/19 11:10:26 | 001,576,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- D:\Documents and Settings\All Users.WINDOWS\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\VirusDefs\20120216.033\NAVEX15.SYS -- (NAVEX15)
DRV - [2011/12/19 11:10:26 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- D:\Documents and Settings\All Users.WINDOWS\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\VirusDefs\20120216.033\NAVENG.SYS -- (NAVENG)
DRV - [2011/12/10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- D:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/12/05 22:42:18 | 007,490,560 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2011/11/30 21:25:03 | 000,820,344 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- D:\Documents and Settings\All Users.WINDOWS\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\BASHDefs\20120215.001\BHDrvx86.sys -- (BHDrvx86)
DRV - [2011/11/30 18:49:07 | 000,356,280 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- D:\Documents and Settings\All Users.WINDOWS\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\IPSDefs\20120216.002\IDSXpx86.sys -- (IDSxpx86)
DRV - [2011/11/14 19:14:44 | 000,026,624 | ---- | M] (Juniper Networks) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\dsNcAdpt.sys -- (dsNcAdpt)
DRV - [2011/08/19 04:26:50 | 004,334,624 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\lvuvc.sys -- (LVUVC) Logitech Webcam Pro 9000(UVC)
DRV - [2011/08/19 04:26:46 | 000,315,808 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\lvrs.sys -- (LVRS)
DRV - [2011/07/06 15:01:21 | 000,126,584 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2011/04/20 20:37:49 | 000,369,784 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- D:\WINDOWS\System32\Drivers\N360\0502000.00D\SYMTDI.SYS -- (SYMTDI)
DRV - [2011/03/30 22:00:09 | 000,516,216 | R--- | M] (Symantec Corporation) [File_System | On_Demand | Stopped] -- D:\WINDOWS\System32\Drivers\N360\0502000.00D\SRTSP.SYS -- (SRTSP)
DRV - [2011/03/30 22:00:09 | 000,050,168 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- D:\WINDOWS\system32\drivers\N360\0502000.00D\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2011/03/14 21:31:23 | 000,744,568 | R--- | M] (Symantec Corporation) [File_System | Boot | Running] -- D:\WINDOWS\system32\drivers\N360\0502000.00D\SYMEFA.SYS -- (SymEFA)
DRV - [2011/02/16 16:52:46 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\wdcsam.sys -- (WDC_SAM)
DRV - [2011/01/27 01:47:10 | 000,340,088 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- D:\WINDOWS\system32\drivers\N360\0502000.00D\SYMDS.SYS -- (SymDS)
DRV - [2011/01/27 00:07:05 | 000,136,312 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- D:\WINDOWS\system32\drivers\N360\0502000.00D\Ironx86.SYS -- (SymIRON)
DRV - [2010/11/30 01:24:00 | 000,108,800 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- D:\WINDOWS\system32\drivers\SymSpeedDisk.sys -- (SYMSpeedDisk)
DRV - [2010/11/30 01:23:58 | 000,128,248 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- D:\WINDOWS\system32\drivers\SymDSMon.sys -- (SymDSMon)
DRV - [2010/06/14 09:32:54 | 000,036,608 | ---- | M] () [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2010/05/14 17:04:20 | 000,023,904 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- D:\WINDOWS\system32\drivers\lvuvcflt.sys -- (FilterService)
DRV - [2010/05/07 17:43:30 | 000,025,824 | ---- | M] () [Kernel | On_Demand | Stopped] -- D:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2009/12/11 22:20:37 | 000,033,848 | ---- | M] (NCH Swift Sound) [Kernel | On_Demand | Stopped] -- D:\WINDOWS\system32\drivers\nchssvad.sys -- (NCHSSVAD) SoundTap Recorder (32 Bit)
DRV - [2009/08/24 23:10:52 | 000,049,904 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- D:\WINDOWS\system32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)
DRV - [2009/05/21 14:39:54 | 000,090,472 | ---- | M] (PACE Anti-Piracy, Inc.) [Kernel | Boot | Running] -- D:\WINDOWS\System32\drivers\TPkd.sys -- (TPkd)
DRV - [2009/02/11 08:47:48 | 000,156,552 | ---- | M] (Avid Technology, Inc.) [Kernel | On_Demand | Stopped] -- D:\WINDOWS\system32\drivers\mausbft.sys -- (MAUSBFT)
DRV - [2008/01/23 16:38:25 | 000,032,768 | ---- | M] (Acronis) [File_System | Auto | Running] -- D:\WINDOWS\system32\drivers\tifsfilt.sys -- (tifsfilter)
DRV - [2008/01/23 16:38:06 | 000,120,992 | ---- | M] (Acronis) [Kernel | Boot | Running] -- D:\WINDOWS\system32\DRIVERS\snapman.sys -- (snapman)
DRV - [2007/07/26 06:13:04 | 000,023,168 | ---- | M] () [Kernel | System | Running] -- D:\WINDOWS\system32\drivers\aiptektp.sys -- (aiptektp)
DRV - [2007/06/18 20:18:26 | 000,023,680 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- D:\WINDOWS\system32\drivers\motmodem.sys -- (motmodem)
DRV - [2006/11/02 07:00:08 | 000,039,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- D:\WINDOWS\system32\drivers\winusb.sys -- (WinUSB)
DRV - [2005/11/22 00:49:40 | 000,050,176 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- D:\WINDOWS\system32\drivers\RxFilter.sys -- (RxFilter)
DRV - [2005/10/22 07:05:00 | 000,311,680 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- D:\WINDOWS\System32\drivers\Cdudf_xp.sys -- (cdudf_xp)
DRV - [2005/10/22 07:05:00 | 000,119,168 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- D:\WINDOWS\System32\drivers\Pwd_2k.sys -- (pwd_2k)
DRV - [2005/10/22 07:05:00 | 000,027,264 | ---- | M] (Sonic Solutions) [Kernel | On_Demand | Running] -- D:\WINDOWS\System32\drivers\dvd_2k.sys -- (dvd_2K)
DRV - [2005/10/22 07:05:00 | 000,027,136 | ---- | M] (Sonic Solutions) [Kernel | On_Demand | Stopped] -- D:\WINDOWS\System32\drivers\mmc_2k.sys -- (mmc_2K)
DRV - [2005/09/27 13:50:00 | 001,021,832 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2005/09/26 17:46:48 | 000,041,728 | ---- | M] (Sonic Focus, Inc) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\sfng32.sys -- (sfng32)
DRV - [2005/04/27 22:24:20 | 000,120,128 | ---- | M] () [Kernel | On_Demand | Stopped] -- D:\WINDOWS\system32\drivers\USBAV191.SYS -- (USBAV191)
DRV - [2005/03/31 11:32:42 | 000,175,104 | ---- | M] (Silicon Image, Inc) [Kernel | Boot | Running] -- D:\WINDOWS\system32\DRIVERS\Si3114r5.sys -- (Si3114r5)
DRV - [2004/11/01 12:21:32 | 000,010,368 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- D:\WINDOWS\system32\DRIVERS\SiWinAcc.sys -- (SiFilter)
DRV - [2003/12/09 05:53:06 | 000,009,728 | R--- | M] (Western Digital) [Kernel | On_Demand | Stopped] -- D:\WINDOWS\system32\drivers\inibtmgr.sys -- (inibtmgr)
DRV - [2001/08/17 08:28:18 | 000,794,399 | ---- | M] (U.S. Robotics, Inc.) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\USR1806V.SYS -- (USR1806V)

[color=#E56717]========== Standard Registry (SafeList) ==========[/color]

[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.facemoods.com/?a=grupo&s={searchTerms}&f=4

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://finalsite.ccsu.edu/page.cfm?p=2118
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

[color=#E56717]========== FireFox ==========[/color]

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: D:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: D:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: D:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: D:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: D:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: d:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: D:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.1.13: d:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.1.13: d:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.1.13: D:\Documents and Settings\All Users.WINDOWS\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.1.13: D:\Documents and Settings\All Users.WINDOWS\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.1.13: d:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: D:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: D:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: D:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@adobe.com/FlashPlayer: D:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: D:\Documents and Settings\All Users.WINDOWS\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\IPSFFPlgn\ [2012/02/02 06:07:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: D:\Documents and Settings\All Users.WINDOWS\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\coFFPlgn_2011_7_5_2 [2012/02/17 15:53:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\smartwebprinting@hp.com: D:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/02/09 22:42:01 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: D:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/02/09 22:42:01 | 000,000,000 | ---D | M]

[2012/02/07 09:43:42 | 000,000,000 | ---D | M] (No name found) -- D:\Documents and Settings\1Gustavo\Application Data\Mozilla\Extensions
[2010/12/25 15:20:52 | 000,000,000 | ---D | M] (No name found) -- D:\Documents and Settings\1Gustavo\Application Data\Mozilla\Extensions\home2@tomtom.com
[2012/02/07 09:45:00 | 000,000,000 | ---D | M] (No name found) -- D:\Program Files\Mozilla Firefox\extensions
[2011/12/26 17:44:37 | 000,000,000 | ---D | M] (Skype Click to Call) -- D:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2010/04/27 12:40:48 | 000,000,000 | ---D | M] (Java Console) -- D:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/09/27 05:06:56 | 000,000,000 | ---D | M] (Java Console) -- D:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/10/29 15:31:09 | 000,000,000 | ---D | M] (Java Console) -- D:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010/12/27 11:14:56 | 000,000,000 | ---D | M] (Java Console) -- D:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/03/03 17:20:41 | 000,000,000 | ---D | M] (Java Console) -- D:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2009/03/31 21:47:26 | 000,324,976 | ---- | M] (Symantec Corporation) -- D:\Program Files\mozilla firefox\components\coFFPlgn.dll
[2009/06/10 11:20:12 | 000,027,976 | ---- | M] (WebEx Communications, Inc) -- D:\Program Files\mozilla firefox\plugins\atgpcdec.dll
[2009/06/10 11:20:20 | 000,126,360 | ---- | M] (WebEx Communications, Inc) -- D:\Program Files\mozilla firefox\plugins\atgpcext.dll
[2009/06/10 11:22:02 | 000,046,408 | ---- | M] () -- D:\Program Files\mozilla firefox\plugins\atmccli.dll
[2009/07/13 14:01:10 | 000,098,712 | ---- | M] (WebEx Communications, Inc) -- D:\Program Files\mozilla firefox\plugins\ieatgpc.dll
[2009/06/10 11:20:32 | 000,060,824 | ---- | M] (WebEx Communications, Inc) -- D:\Program Files\mozilla firefox\plugins\npatgpc.dll
[2011/02/02 21:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- D:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012/01/11 14:47:41 | 000,002,048 | ---- | M] () -- D:\Program Files\mozilla firefox\searchplugins\fcmdSrch.xml

O1 HOSTS File: ([2012/02/07 12:49:35 | 000,000,734 | ---- | M]) - D:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - D:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (IE to GetRight Helper) - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - D:\Program Files\GetRight\free\xx2gr.dll (Headlight Software, Inc.)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - D:\Program Files\Norton 360\Engine\5.2.0.13\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - D:\Program Files\Norton 360\Engine\5.2.0.13\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - D:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - D:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - D:\Program Files\Norton 360\Engine\5.2.0.13\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - D:\Program Files\Norton 360\Engine\5.2.0.13\coieplg.dll (Symantec Corporation)
O4 - HKLM..\Run: [Acronis Scheduler2 Service] D:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4 - HKLM..\Run: [atwtusb] D:\WINDOWS\System32\atwtusb.exe ()
O4 - HKLM..\Run: [IntelAudioStudio] D:\Program Files\Intel Audio Studio\IntelAudioStudio.exe (Intel Corporation)
O4 - HKLM..\Run: [LWS] D:\Program Files\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
O4 - HKLM..\Run: [MacrokeyManager] D:\WINDOWS\System32\WTMKM.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] D:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NPSStartup] File not found
O4 - HKLM..\Run: [SetIcon] \Program Files\WDC\SetIcon.exe ()
O4 - HKLM..\Run: [SigmatelSysTrayApp] sttray.exe File not found
O4 - HKLM..\Run: [Standby] d:\Program Files\Common Files\Corel\Standby\Standby.exe (Corel)
O4 - HKLM..\Run: [StartCCC] D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TkBellExe] D:\Program Files\real\realplayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [TrueImageMonitor.exe] D:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O4 - Startup: D:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\SATARAID5.lnk = File not found
O4 - Startup: D:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\WDDMStatus.lnk = D:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe (Western Digital Technologies, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableStatusMessages = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O8 - Extra context menu item: &Search - Reg Error: Value error. File not found
O8 - Extra context menu item: Download with GetRight - D:\Program Files\GetRight\free\GRDownload.htm ()
O8 - Extra context menu item: Open with GetRight Browser - D:\Program Files\GetRight\free\GRBrowse.htm ()
O8 - Extra context menu item: Search the Web - D:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\menuext.html File not found
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - D:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - D:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} http://quickscan.bitdefender.com/qsax/qsax.cab (BitDefender QuickScan Control)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1206439103687 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0014-0002-0004-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/dana-cached/sc/JuniperSetupClient.cab (JuniperSetupClientControl Class)
O16 - DPF: {F92211F4-3913-4DC2-A275-756374D848B0} http://mydeuce.kicks-ass.net/MP4DVR.cab (ERViewerOCX Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{01E5B241-C767-49E3-A932-9BC42255B22E}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\mctp - No CLSID value found
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - D:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - D:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (D:\WINDOWS\system32\userinit.exe) - D:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - D:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\MsMsgSrv: DllName - (MsMsgSrv.DLL) - File not found
O24 - Desktop WallPaper: D:\Documents and Settings\1Gustavo\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: D:\Documents and Settings\1Gustavo\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - D:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
lilhurricane

lilhurricane

Numquam oblita

O32 - AutoRun File - [2009/01/10 17:40:20 | 000,000,050 | ---- | M] () - D:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/06/02 16:40:48 | 000,000,000 | ---- | M] () - K:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{1f4fe29c-df67-11dd-bc5a-0016761f2be5}\Shell\AutoRun\command - "" = H:\Setup_FlipShare.exe
O33 - MountPoints2\{1f4fe29c-df67-11dd-bc5a-0016761f2be5}\Shell\Setup FlipShare\command - "" = H:\Setup_FlipShare.exe
O33 - MountPoints2\{3c140f92-0cf9-11de-bc95-0016761f2be5}\Shell - "" = AutoRun
O33 - MountPoints2\{3c140f92-0cf9-11de-bc95-0016761f2be5}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{3c140f92-0cf9-11de-bc95-0016761f2be5}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\{3c140f94-0cf9-11de-bc95-0016761f2be5}\Shell\Auto\command - "" = tel.xls.exe
O33 - MountPoints2\{3c140f94-0cf9-11de-bc95-0016761f2be5}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{3c140f94-0cf9-11de-bc95-0016761f2be5}\Shell\AutoRun\command - "" = D:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL tel.xls.exe
O33 - MountPoints2\{54c9ba1c-70c9-11de-ba0c-0016761f2be5}\Shell - "" = AutoRun
O33 - MountPoints2\{54c9ba1c-70c9-11de-ba0c-0016761f2be5}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{54c9ba1c-70c9-11de-ba0c-0016761f2be5}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
O33 - MountPoints2\{54c9ba1e-70c9-11de-ba0c-0016761f2be5}\Shell - "" = AutoRun
O33 - MountPoints2\{54c9ba1e-70c9-11de-ba0c-0016761f2be5}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{54c9ba1e-70c9-11de-ba0c-0016761f2be5}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\{812628c4-7138-11de-ba0d-0016761f2be5}\Shell - "" = AutoRun
O33 - MountPoints2\{812628c4-7138-11de-ba0d-0016761f2be5}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{812628c4-7138-11de-ba0d-0016761f2be5}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\{ab54e614-c9f8-11dc-872f-0016761f2be5}\Shell - "" = AutoRun
O33 - MountPoints2\{ab54e614-c9f8-11dc-872f-0016761f2be5}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{ab54e614-c9f8-11dc-872f-0016761f2be5}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -a
O33 - MountPoints2\{bbbf7e65-c814-11dc-b3cc-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{bbbf7e65-c814-11dc-b3cc-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{bbbf7e65-c814-11dc-b3cc-806d6172696f}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\{cf650308-b2a9-11df-bb48-0016761f2be5}\Shell - "" = AutoRun
O33 - MountPoints2\{cf650308-b2a9-11df-bb48-0016761f2be5}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{cf650308-b2a9-11df-bb48-0016761f2be5}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
O33 - MountPoints2\{f2ddbb13-5a9b-11dd-bbaf-0016761f2be5}\Shell\AutoRun\command - "" = G:\JDSecure\Windows\JDSecure31.exe
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2012/02/17 16:33:15 | 000,584,192 | ---- | C] (OldTimer Tools) -- D:\Documents and Settings\1Gustavo\Desktop\OTL.exe
[2012/02/17 16:02:50 | 000,000,000 | ---D | C] -- D:\Documents and Settings\1Gustavo\Application Data\QuickScan
[2012/02/17 12:47:53 | 000,000,000 | ---D | C] -- D:\Documents and Settings\1Gustavo\Application Data\Malwarebytes
[2012/02/17 12:47:25 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/02/17 12:47:20 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes
[2012/02/17 12:47:17 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- D:\WINDOWS\System32\drivers\mbam.sys
[2012/02/17 12:47:17 | 000,000,000 | ---D | C] -- D:\Program Files\Malwarebytes' Anti-Malware
[2012/02/17 12:45:15 | 009,502,424 | ---- | C] (Malwarebytes Corporation ) -- D:\Documents and Settings\1Gustavo\Desktop\mbam--setup-1.60.1.1000.exe
[2012/02/17 12:02:21 | 000,446,464 | ---- | C] (OldTimer Tools) -- D:\Documents and Settings\1Gustavo\Desktop\TFC.exe
[2012/02/17 11:32:32 | 000,234,752 | ---- | C] (Acronis) -- D:\WINDOWS\System32\drivers\afcdp.sys
[2012/02/17 11:31:48 | 000,766,208 | ---- | C] (Acronis) -- D:\WINDOWS\System32\drivers\tdrpman.sys
[2012/02/17 11:30:56 | 000,126,112 | ---- | C] (Acronis) -- D:\WINDOWS\System32\drivers\vididr.sys
[2012/02/17 11:30:56 | 000,000,000 | ---D | C] -- D:\Documents and Settings\1Gustavo\Application Data\30E56105-8D4E-4EFE-B61C-1E55A5433C4F
[2012/02/17 11:30:51 | 000,084,512 | ---- | C] (Acronis) -- D:\WINDOWS\System32\drivers\vsflt58.sys
[2012/02/17 11:30:30 | 000,076,768 | ---- | C] (Acronis) -- D:\WINDOWS\System32\drivers\fltsrv.sys
[2012/02/17 11:29:49 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Acronis
[2012/02/17 11:29:43 | 000,000,000 | ---D | C] -- D:\Documents and Settings\1Gustavo\Start Menu\Programs\Acronis
[2012/02/17 11:28:08 | 000,000,000 | ---D | C] -- D:\Program Files\Acronis
[2012/02/17 11:28:06 | 000,000,000 | ---D | C] -- D:\Program Files\Common Files\Acronis
[2012/02/17 11:05:59 | 000,000,000 | ---D | C] -- D:\Documents and Settings\1Gustavo\Application Data\Acronis
[2012/02/17 11:05:58 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users.WINDOWS\Application Data\Acronis
[2012/02/10 05:59:26 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users.WINDOWS\Application Data\WEBREG
[2012/02/10 05:54:04 | 000,123,904 | ---- | C] (Hewlett-Packard Company) -- D:\WINDOWS\System32\hpf3l70w.dll
[2012/02/10 05:53:07 | 000,315,392 | R--- | C] (Hewlett-Packard Co.) -- D:\WINDOWS\System32\hpwvst01.dll
[2012/02/10 05:53:06 | 000,966,656 | R--- | C] (Hewlett-Packard Co.) -- D:\WINDOWS\System32\hpwtiop5.dll
[2012/02/10 05:53:06 | 000,749,568 | R--- | C] (Hewlett-Packard) -- D:\WINDOWS\System32\hpwwiax6.dll
[2012/02/09 23:01:26 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users.WINDOWS\Application Data\Yahoo! Companion
[2012/02/09 23:01:26 | 000,000,000 | ---D | C] -- D:\Documents and Settings\1Gustavo\Application Data\Yahoo!
[2012/02/09 23:01:22 | 000,000,000 | ---D | C] -- D:\Program Files\Yahoo!
[2012/02/09 20:44:58 | 000,000,000 | ---D | C] -- D:\WINDOWS\hpoj4500g510g-m
[2012/01/26 13:52:40 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users.WINDOWS\Application Data\ATI
[2012/01/26 13:52:40 | 000,000,000 | ---D | C] -- D:\Documents and Settings\1Gustavo\Local Settings\Application Data\ATI
[2012/01/26 13:52:40 | 000,000,000 | ---D | C] -- D:\Documents and Settings\1Gustavo\Application Data\ATI
[2012/01/26 13:41:26 | 000,000,000 | ---D | C] -- D:\Program Files\AMD APP
[2012/01/26 13:41:00 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Catalyst Control Center
[2012/01/26 13:35:28 | 000,000,000 | ---D | C] -- D:\Program Files\ATI
[2012/01/26 13:34:56 | 000,000,000 | ---D | C] -- D:\Program Files\ATI Technologies
[2012/01/26 13:28:01 | 000,000,000 | ---D | C] -- D:\AMD
[2012/01/26 08:30:57 | 000,311,296 | ---- | C] (ATI Technologies Inc.) -- D:\WINDOWS\System32\atiiiexx.dll
[2012/01/26 08:30:40 | 000,466,944 | ---- | C] (Advanced Micro Devices, Inc.) -- D:\WINDOWS\System32\ATIDEMGX.dll
[2012/01/26 08:28:52 | 000,100,368 | ---- | C] (Advanced Micro Devices) -- D:\WINDOWS\System32\drivers\AtihdXP3.sys
[2012/01/23 21:08:58 | 000,000,000 | ---D | C] -- D:\Documents and Settings\1Gustavo\Application Data\Windows Search
[2008/07/23 17:44:29 | 000,964,218 | ---- | C] (Click2learn, Inc.) -- D:\Program Files\OTSMENU.exe
[2008/07/23 17:44:29 | 000,717,965 | ---- | C] (click2learn.com, inc.) -- D:\Program Files\InstallTest.exe
[2008/07/23 17:44:28 | 002,036,730 | ---- | C] (click2learn.com, inc.) -- D:\Program Files\Givetest.EXE
[2008/07/23 17:44:27 | 000,760,758 | ---- | C] (click2learn.com, inc.) -- D:\Program Files\EditTaskList.exe
[2008/07/23 17:44:26 | 001,546,606 | ---- | C] (click2learn.com, inc.) -- D:\Program Files\CreateQuestions.exe
[2008/07/23 17:44:26 | 000,943,546 | ---- | C] (click2learn.com, inc.) -- D:\Program Files\AssessResults.exe

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2012/02/17 16:33:20 | 000,584,192 | ---- | M] (OldTimer Tools) -- D:\Documents and Settings\1Gustavo\Desktop\OTL.exe
[2012/02/17 16:33:00 | 000,000,890 | ---- | M] () -- D:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/02/17 15:51:00 | 000,002,422 | ---- | M] () -- D:\WINDOWS\System32\wpa.dbl
[2012/02/17 15:50:03 | 000,000,284 | ---- | M] () -- D:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1220945662-1454471165-839522115-1003.job
[2012/02/17 15:49:52 | 000,000,882 | ---- | M] () -- D:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/02/17 15:49:11 | 000,002,048 | --S- | M] () -- D:\WINDOWS\bootstat.dat
[2012/02/17 15:48:38 | 3486,871,552 | -HS- | M] () -- D:\hiberfil.sys
[2012/02/17 15:48:35 | 000,000,000 | ---- | M] () -- D:\WINDOWS\System32\drivers\lvuvc.hs
[2012/02/17 12:47:29 | 000,000,793 | ---- | M] () -- D:\Documents and Settings\All Users.WINDOWS\Desktop\Malwarebytes Anti-Malware.lnk
[2012/02/17 12:45:35 | 009,502,424 | ---- | M] (Malwarebytes Corporation ) -- D:\Documents and Settings\1Gustavo\Desktop\mbam--setup-1.60.1.1000.exe
[2012/02/17 12:02:32 | 000,772,954 | ---- | M] () -- D:\WINDOWS\System32\drivers\N360\0502000.00D\Cat.DB
[2012/02/17 12:02:22 | 000,446,464 | ---- | M] (OldTimer Tools) -- D:\Documents and Settings\1Gustavo\Desktop\TFC.exe
[2012/02/17 11:32:32 | 000,234,752 | ---- | M] (Acronis) -- D:\WINDOWS\System32\drivers\afcdp.sys
[2012/02/17 11:31:48 | 000,766,208 | ---- | M] (Acronis) -- D:\WINDOWS\System32\drivers\tdrpman.sys
[2012/02/17 11:31:32 | 000,609,760 | ---- | M] (Acronis) -- D:\WINDOWS\System32\drivers\timntr.sys
[2012/02/17 11:30:56 | 000,126,112 | ---- | M] (Acronis) -- D:\WINDOWS\System32\drivers\vididr.sys
[2012/02/17 11:30:51 | 000,084,512 | ---- | M] (Acronis) -- D:\WINDOWS\System32\drivers\vsflt58.sys
[2012/02/17 11:30:30 | 000,076,768 | ---- | M] (Acronis) -- D:\WINDOWS\System32\drivers\fltsrv.sys
[2012/02/17 11:29:44 | 000,000,873 | ---- | M] () -- D:\Documents and Settings\1Gustavo\Desktop\Acronis True Image Home 2012.lnk
[2012/02/12 23:05:00 | 000,000,254 | ---- | M] () -- D:\WINDOWS\tasks\NUSchedule.job
[2012/02/12 19:26:00 | 000,000,292 | ---- | M] () -- D:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1220945662-1454471165-839522115-1003.job
[2012/02/10 05:57:58 | 000,205,440 | ---- | M] () -- D:\WINDOWS\hpwins26.dat
[2012/02/09 21:11:11 | 000,001,817 | ---- | M] () -- D:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
[2012/02/09 19:51:44 | 000,204,970 | ---- | M] () -- D:\WINDOWS\hpwins26.dat.temp
[2012/02/07 09:07:36 | 000,000,508 | ---- | M] () -- D:\Documents and Settings\1Gustavo\Desktop\terminate.vbs
[2012/02/06 20:48:03 | 000,000,290 | ---- | M] () -- D:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1220945662-1454471165-839522115-1006.job
[2012/02/03 21:01:28 | 000,180,224 | ---- | M] () -- D:\Documents and Settings\1Gustavo\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/02/03 05:59:56 | 000,028,401 | ---- | M] () -- D:\Documents and Settings\1Gustavo\Desktop\PlacementEntry.pub
[2012/02/02 06:01:51 | 000,001,909 | ---- | M] () -- D:\Documents and Settings\All Users.WINDOWS\Desktop\Norton 360.LNK
[2012/01/28 00:27:32 | 000,000,172 | ---- | M] () -- D:\WINDOWS\System32\drivers\N360\0502000.00D\isolate.ini
[2012/01/26 08:25:08 | 000,001,324 | ---- | M] () -- D:\WINDOWS\System32\d3d9caps.dat
[2012/01/26 07:55:33 | 000,000,059 | ---- | M] () -- D:\WINDOWS\WININIT.INI

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2012/02/17 12:47:28 | 000,000,793 | ---- | C] () -- D:\Documents and Settings\All Users.WINDOWS\Desktop\Malwarebytes Anti-Malware.lnk
[2012/02/17 11:29:44 | 000,000,873 | ---- | C] () -- D:\Documents and Settings\1Gustavo\Desktop\Acronis True Image Home 2012.lnk
[2012/02/09 22:17:47 | 000,000,731 | ---- | C] () -- D:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\I.R.I.S. OCR Registration.lnk
[2012/02/09 21:11:10 | 000,001,817 | ---- | C] () -- D:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
[2012/02/09 20:14:48 | 000,204,970 | ---- | C] () -- D:\WINDOWS\hpwins26.dat.temp
[2012/02/09 20:14:48 | 000,000,370 | ---- | C] () -- D:\WINDOWS\hpwmdl26.dat.temp
[2012/02/09 19:20:13 | 000,205,440 | ---- | C] () -- D:\WINDOWS\hpwins26.dat
[2012/02/09 19:20:12 | 000,000,370 | ---- | C] () -- D:\WINDOWS\hpwmdl26.dat
[2012/02/07 09:07:36 | 000,000,508 | ---- | C] () -- D:\Documents and Settings\1Gustavo\Desktop\terminate.vbs
[2012/01/26 08:30:58 | 000,036,338 | ---- | C] () -- D:\WINDOWS\atiogl.xml
[2012/01/26 08:30:32 | 000,219,080 | ---- | C] () -- D:\WINDOWS\System32\atiapfxx.blb
[2012/01/26 08:30:26 | 000,887,724 | ---- | C] () -- D:\WINDOWS\System32\ativva6x.dat
[2012/01/26 08:30:25 | 000,608,507 | ---- | C] () -- D:\WINDOWS\System32\atiicdxx.dat
[2012/01/26 08:30:25 | 000,000,003 | ---- | C] () -- D:\WINDOWS\System32\ativva5x.dat
[2012/01/14 12:18:15 | 000,077,421 | ---- | C] () -- D:\WINDOWS\hpqins05.dat
[2012/01/11 15:27:50 | 000,110,592 | ---- | C] () -- D:\WINDOWS\System32\FsUsbExDevice.Dll
[2012/01/11 15:27:50 | 000,036,608 | ---- | C] () -- D:\WINDOWS\System32\FsUsbExDisk.Sys
[2011/12/23 20:58:28 | 000,030,568 | ---- | C] () -- D:\WINDOWS\MusiccityDownload.exe
[2011/12/23 20:58:24 | 000,974,848 | ---- | C] () -- D:\WINDOWS\System32\cis-2.4.dll
[2011/12/23 20:58:24 | 000,081,920 | ---- | C] () -- D:\WINDOWS\System32\issacapi_bs-2.3.dll
[2011/12/23 20:58:24 | 000,065,536 | ---- | C] () -- D:\WINDOWS\System32\issacapi_pe-2.3.dll
[2011/12/23 20:58:24 | 000,057,344 | ---- | C] () -- D:\WINDOWS\System32\issacapi_se-2.3.dll
[2011/12/05 22:04:00 | 000,059,904 | ---- | C] () -- D:\WINDOWS\System32\OpenVideo.dll
[2011/12/05 22:03:52 | 000,054,784 | ---- | C] () -- D:\WINDOWS\System32\OVDecode.dll
[2011/08/12 12:20:14 | 000,015,896 | ---- | C] () -- D:\WINDOWS\System32\drivers\iKeyLFT2.dll
[2011/07/06 15:24:18 | 000,036,712 | ---- | C] () -- D:\WINDOWS\System32\CleanMFT32.exe
[2011/04/07 07:20:36 | 000,000,754 | ---- | C] () -- D:\WINDOWS\WORDPAD.INI
[2011/03/26 09:17:17 | 003,161,760 | ---- | C] () -- D:\WINDOWS\System32\WTMKM.exe
[2011/03/26 09:17:17 | 000,180,224 | ---- | C] () -- D:\WINDOWS\System32\ATWTINK.DLL
[2011/03/26 09:17:17 | 000,045,056 | ---- | C] () -- D:\WINDOWS\System32\InstallService.exe
[2011/03/26 09:17:16 | 000,010,251 | ---- | C] () -- D:\WINDOWS\System32\Vista.ini
[2011/03/26 09:17:16 | 000,009,868 | ---- | C] () -- D:\WINDOWS\System32\XP_2000.ini
[2011/03/26 09:17:16 | 000,000,593 | ---- | C] () -- D:\WINDOWS\System32\MKProfile.ini
[2011/01/20 22:05:02 | 000,179,718 | ---- | C] () -- D:\WINDOWS\hpwins14.dat
[2011/01/20 22:05:01 | 000,001,108 | R--- | C] () -- D:\WINDOWS\hpwmdl14.dat
[2011/01/04 19:11:38 | 000,001,940 | ---- | C] () -- D:\Documents and Settings\1Gustavo\Local Settings\Application Data\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2010/11/16 14:21:55 | 000,007,378 | ---- | C] () -- D:\WINDOWS\System32\makobbot.dll
[2010/11/16 14:21:55 | 000,000,000 | ---- | C] () -- D:\WINDOWS\System32\voxigker.dll
[2010/11/16 14:21:55 | 000,000,000 | ---- | C] () -- D:\WINDOWS\System32\mekires.exe
[2010/11/16 14:21:55 | 000,000,000 | ---- | C] () -- D:\WINDOWS\System32\delokapp.dll
[2010/11/16 14:21:55 | 000,000,000 | ---- | C] () -- D:\WINDOWS\System32\conansec.dll
[2010/11/16 14:21:55 | 000,000,000 | ---- | C] () -- D:\WINDOWS\System32\drivers\binuvmag.sys
[2010/11/16 14:21:55 | 000,000,000 | ---- | C] () -- D:\WINDOWS\System32\apixont.dll
[2010/08/25 20:30:25 | 000,000,000 | ---- | C] () -- D:\WINDOWS\DVEdit.INI
[2010/08/25 16:14:13 | 000,354,816 | ---- | C] () -- D:\WINDOWS\System32\psisdecd.dll
[2010/08/25 16:13:12 | 000,124,264 | R--- | C] () -- D:\WINDOWS\System32\mp3dec.dll
[2010/08/25 16:13:12 | 000,081,920 | R--- | C] () -- D:\WINDOWS\System32\dsp_trc.dll
[2010/08/25 16:13:12 | 000,010,600 | R--- | C] () -- D:\WINDOWS\System32\IcdSptSvps.dll
[2010/05/14 16:56:06 | 010,898,456 | ---- | C] () -- D:\WINDOWS\System32\LogiDPP.dll
[2010/05/14 16:56:06 | 000,104,472 | ---- | C] () -- D:\WINDOWS\System32\LogiDPPApp.exe
[2010/05/14 16:55:58 | 000,336,408 | ---- | C] () -- D:\WINDOWS\System32\DevManagerCore.dll
[2010/05/14 16:47:00 | 000,028,418 | ---- | C] () -- D:\WINDOWS\System32\lvcoinst.ini
[2010/05/07 17:43:30 | 000,025,824 | ---- | C] () -- D:\WINDOWS\System32\drivers\LVPr2Mon.sys
[2010/02/22 18:34:16 | 000,001,324 | ---- | C] () -- D:\WINDOWS\System32\d3d9caps.dat
[2010/02/12 10:40:36 | 006,344,704 | ---- | C] () -- D:\WINDOWS\System32\botavsec.exe
[2010/02/11 13:41:56 | 006,631,424 | ---- | C] () -- D:\WINDOWS\System32\sndiwchk.exe
[2010/02/11 12:02:20 | 000,017,959 | ---- | C] () -- D:\WINDOWS\System32\dskakdel.dll
[2009/12/13 13:55:44 | 000,217,088 | ---- | C] () -- D:\WINDOWS\System32\qtmlClient.dll
[2009/12/11 14:27:34 | 000,323,006 | ---- | C] () -- D:\Documents and Settings\1Gustavo\Application Data\speech.wav
[2009/11/07 17:47:47 | 000,000,437 | ---- | C] () -- D:\Documents and Settings\1Gustavo\Application Data\spell.cfg
[2009/11/07 17:47:47 | 000,000,145 | ---- | C] () -- D:\Documents and Settings\1Gustavo\Application Data\userdata2.adl
[2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- D:\WINDOWS\System32\OGACheckControl.dll
[2009/08/03 14:07:42 | 000,230,768 | ---- | C] () -- D:\WINDOWS\System32\OGAEXEC.exe
[2009/04/30 04:54:51 | 000,000,035 | ---- | C] () -- D:\WINDOWS\A6W.INI
[2009/04/25 11:34:39 | 000,012,717 | R--- | C] () -- D:\WINDOWS\hpwscr14.dat
[2008/12/31 10:07:05 | 000,388,768 | ---- | C] () -- D:\WINDOWS\System32\atwtusb.exe
[2008/12/31 10:07:05 | 000,102,048 | ---- | C] () -- D:\WINDOWS\RmTablet.exe
[2008/12/31 10:07:05 | 000,061,440 | ---- | C] () -- D:\WINDOWS\System32\tblmouse.exe
[2008/12/31 10:07:05 | 000,023,168 | ---- | C] () -- D:\WINDOWS\System32\drivers\aiptektp.sys
[2008/12/31 10:07:05 | 000,007,323 | ---- | C] () -- D:\WINDOWS\aiptbl.ini
[2008/12/31 10:04:54 | 000,000,046 | ---- | C] () -- D:\WINDOWS\RmFile.ini
[2008/12/31 10:04:36 | 000,053,728 | ---- | C] () -- D:\WINDOWS\rmfile.exe
[2008/12/31 10:04:36 | 000,043,664 | ---- | C] () -- D:\WINDOWS\addrun.exe
[2008/12/26 22:25:20 | 000,000,256 | ---- | C] () -- D:\WINDOWS\System32\pool.bin
[2008/12/02 18:06:11 | 000,000,000 | ---- | C] () -- D:\WINDOWS\flowview.INI
[2008/10/22 19:50:31 | 000,000,237 | ---- | C] () -- D:\WINDOWS\swacnfg.ini
[2008/09/30 11:00:04 | 000,088,536 | ---- | C] () -- D:\Documents and Settings\1Gustavo\Local Settings\Application Data\rx_audio.Cache
[2008/09/02 08:17:02 | 000,000,056 | -H-- | C] () -- D:\WINDOWS\System32\ezsidmv.dat
[2008/08/26 05:37:17 | 000,001,304 | ---- | C] () -- D:\WINDOWS\checkip.dat
[2008/07/29 15:30:48 | 000,480,688 | ---- | C] () -- D:\Documents and Settings\1Gustavo\Local Settings\Application Data\rx_image.Cache
[2008/07/23 17:44:47 | 000,000,233 | ---- | C] () -- D:\WINDOWS\asym.ini
[2008/07/23 17:44:31 | 000,173,612 | ---- | C] () -- D:\Program Files\SNDTEST.WAV
[2008/07/23 17:44:30 | 000,314,924 | ---- | C] () -- D:\Program Files\INSTRUCT.WAV
[2008/07/23 17:44:30 | 000,226,860 | ---- | C] () -- D:\Program Files\ENDTEST.WAV
[2008/07/23 17:44:30 | 000,004,640 | ---- | C] () -- D:\Program Files\NATURE.WAV
[2008/07/23 17:44:25 | 000,009,757 | ---- | C] () -- D:\Program Files\DeIsL1.isu
[2008/07/06 08:53:22 | 001,513,984 | ---- | C] () -- D:\WINDOWS\System32\Mgxrdr32.dll
[2008/07/06 08:53:21 | 000,306,688 | ---- | C] () -- D:\WINDOWS\System32\LFFPX7.DLL
[2008/07/06 08:53:21 | 000,095,232 | ---- | C] () -- D:\WINDOWS\System32\LFKODAK.DLL
[2008/07/06 08:50:48 | 000,082,944 | ---- | C] () -- D:\WINDOWS\System32\Ppiv20.dll
[2008/05/26 20:59:42 | 000,018,904 | ---- | C] () -- D:\WINDOWS\System32\structuredqueryschematrivial.bin
[2008/05/26 20:59:40 | 000,106,605 | ---- | C] () -- D:\WINDOWS\System32\structuredqueryschema.bin
[2008/03/24 20:53:22 | 000,002,528 | ---- | C] () -- D:\Documents and Settings\1Gustavo\Application Data\$_hpcst$.hpc
[2008/03/22 11:38:31 | 000,000,129 | ---- | C] () -- D:\WINDOWS\MSPublisher_Quark Converter.INI
[2008/03/22 08:29:15 | 000,486,704 | ---- | C] () -- D:\WINDOWS\System32\FNTCACHE.DAT
[2008/03/21 15:50:44 | 000,000,510 | ---- | C] () -- D:\WINDOWS\ODBC.INI
[2008/03/21 15:42:08 | 000,042,483 | ---- | C] () -- D:\WINDOWS\ICCCODES.DAT
[2008/03/21 15:42:08 | 000,039,095 | ---- | C] () -- D:\WINDOWS\Iccsigs.dat
[2008/03/21 15:42:08 | 000,000,156 | ---- | C] () -- D:\WINDOWS\KPCMS.INI
[2008/03/21 15:41:46 | 000,210,944 | ---- | C] () -- D:\WINDOWS\System32\MSVCRT10.DLL
[2008/03/19 09:53:53 | 000,000,134 | ---- | C] () -- D:\WINDOWS\Readiris.ini
[2008/03/19 09:53:44 | 000,023,040 | ---- | C] () -- D:\WINDOWS\System32\irisco32.dll
[2008/03/13 14:58:31 | 000,002,071 | ---- | C] () -- D:\WINDOWS\panose.bin
[2008/02/19 01:33:34 | 000,446,352 | ---- | C] () -- D:\WINDOWS\System32\OpenQuicktimeLib.dll
[2008/02/03 10:52:13 | 000,000,207 | ---- | C] () -- D:\WINDOWS\cdplayer.ini
[2008/02/03 09:19:07 | 000,180,224 | ---- | C] () -- D:\Documents and Settings\1Gustavo\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/01/31 18:05:01 | 000,000,035 | ---- | C] () -- D:\WINDOWS\webica.ini
[2008/01/28 15:33:46 | 000,001,485 | ---- | C] () -- D:\WINDOWS\MTB30.INI
[2008/01/26 15:06:50 | 000,000,059 | ---- | C] () -- D:\WINDOWS\WININIT.INI
[2008/01/25 17:44:54 | 000,000,165 | ---- | C] () -- D:\WINDOWS\Quicken.ini
[2008/01/25 16:08:08 | 000,210,456 | ---- | C] () -- D:\WINDOWS\System32\IVIresizeW7.dll
[2008/01/25 16:08:08 | 000,206,360 | ---- | C] () -- D:\WINDOWS\System32\IVIresizeA6.dll
[2008/01/25 16:08:08 | 000,198,168 | ---- | C] () -- D:\WINDOWS\System32\IVIresizeP6.dll
[2008/01/25 16:08:08 | 000,198,168 | ---- | C] () -- D:\WINDOWS\System32\IVIresizeM6.dll
[2008/01/25 16:08:08 | 000,194,072 | ---- | C] () -- D:\WINDOWS\System32\IVIresizePX.dll
[2008/01/25 16:08:08 | 000,026,136 | ---- | C] () -- D:\WINDOWS\System32\IVIresize.dll
[2008/01/24 19:21:14 | 000,001,167 | ---- | C] () -- D:\WINDOWS\mozver.dat
[2008/01/21 21:53:53 | 000,000,063 | ---- | C] () -- D:\WINDOWS\sbwin.ini
[2008/01/21 16:10:06 | 000,001,839 | ---- | C] () -- D:\WINDOWS\TT3.INI
[2008/01/21 15:37:54 | 000,002,048 | --S- | C] () -- D:\WINDOWS\bootstat.dat
[2008/01/21 15:26:21 | 000,021,640 | ---- | C] () -- D:\WINDOWS\System32\emptyregdb.dat
[2008/01/21 15:02:25 | 000,000,000 | ---- | C] () -- D:\WINDOWS\nsreg.dat
[2008/01/21 14:20:57 | 000,000,000 | ---- | C] () -- D:\WINDOWS\ativpsrm.bin
[2008/01/21 07:02:34 | 000,004,346 | ---- | C] () -- D:\WINDOWS\ODBCINST.INI
[2007/10/25 17:26:10 | 000,005,632 | ---- | C] () -- D:\WINDOWS\System32\drivers\StarOpen.sys
[2007/09/27 09:51:02 | 000,020,698 | ---- | C] () -- D:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 09:48:48 | 000,030,628 | ---- | C] () -- D:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 09:48:28 | 000,031,698 | ---- | C] () -- D:\WINDOWS\System32\gthrctr.ini
[2005/12/01 14:05:44 | 000,000,000 | ---- | C] () -- D:\WINDOWS\System32\px.ini
[2005/11/14 14:40:28 | 000,204,800 | ---- | C] () -- D:\WINDOWS\System32\CddbFileTaggerRoxio.dll
[2005/11/10 11:30:04 | 003,596,288 | R--- | C] () -- D:\WINDOWS\System32\qt-dx331.dll
[2005/11/10 11:30:02 | 000,524,288 | R--- | C] () -- D:\WINDOWS\System32\divxsm.exe
[2005/10/14 16:09:48 | 000,051,304 | ---- | C] () -- D:\WINDOWS\System32\drivers\atnt40k.sys
[2005/07/15 13:35:56 | 000,831,488 | ---- | C] () -- D:\WINDOWS\System32\libeay32.dll
[2005/07/15 13:35:56 | 000,159,744 | ---- | C] () -- D:\WINDOWS\System32\ssleay32.dll
[2005/04/27 22:24:20 | 000,120,128 | ---- | C] () -- D:\WINDOWS\System32\drivers\USBAV191.SYS
[2004/11/30 04:10:00 | 000,045,056 | ---- | C] () -- D:\WINDOWS\System32\besch.exe
[2004/11/30 04:10:00 | 000,028,672 | ---- | C] () -- D:\WINDOWS\System32\besched.dll
[2004/08/04 07:00:00 | 013,107,200 | ---- | C] () -- D:\WINDOWS\System32\oembios.bin
[2004/08/04 07:00:00 | 006,627,328 | ---- | C] () -- D:\WINDOWS\System32\verixget.exe
[2004/08/04 07:00:00 | 001,691,648 | ---- | C] () -- D:\WINDOWS\System32\keraglib.dll
[2004/08/04 07:00:00 | 001,683,456 | ---- | C] () -- D:\WINDOWS\System32\selesreg.dll
[2004/08/04 07:00:00 | 000,755,200 | ---- | C] () -- D:\WINDOWS\System32\ir50_32.dll
[2004/08/04 07:00:00 | 000,673,088 | ---- | C] () -- D:\WINDOWS\System32\mlang.dat
[2004/08/04 07:00:00 | 000,457,016 | ---- | C] () -- D:\WINDOWS\System32\perfh009.dat
[2004/08/04 07:00:00 | 000,338,432 | ---- | C] () -- D:\WINDOWS\System32\ir41_qcx.dll
[2004/08/04 07:00:00 | 000,272,128 | ---- | C] () -- D:\WINDOWS\System32\perfi009.dat
[2004/08/04 07:00:00 | 000,218,003 | ---- | C] () -- D:\WINDOWS\System32\dssec.dat
[2004/08/04 07:00:00 | 000,200,192 | ---- | C] () -- D:\WINDOWS\System32\ir50_qc.dll
[2004/08/04 07:00:00 | 000,183,808 | ---- | C] () -- D:\WINDOWS\System32\ir50_qcx.dll
[2004/08/04 07:00:00 | 000,156,765 | ---- | C] () -- D:\WINDOWS\System32\mp4obver32.dll
[2004/08/04 07:00:00 | 000,156,765 | ---- | C] () -- D:\WINDOWS\System32\kbdahxml32.dll
[2004/08/04 07:00:00 | 000,153,765 | ---- | C] () -- D:\WINDOWS\System32\vipipkey32.dll
[2004/08/04 07:00:00 | 000,120,320 | ---- | C] () -- D:\WINDOWS\System32\ir41_qc.dll
[2004/08/04 07:00:00 | 000,075,922 | ---- | C] () -- D:\WINDOWS\System32\perfc009.dat
[2004/08/04 07:00:00 | 000,046,258 | ---- | C] () -- D:\WINDOWS\System32\mib.bin
[2004/08/04 07:00:00 | 000,028,626 | ---- | C] () -- D:\WINDOWS\System32\perfd009.dat
[2004/08/04 07:00:00 | 000,004,569 | ---- | C] () -- D:\WINDOWS\System32\secupd.dat
[2004/08/04 07:00:00 | 000,004,461 | ---- | C] () -- D:\WINDOWS\System32\oembios.dat
[2004/08/04 07:00:00 | 000,001,804 | ---- | C] () -- D:\WINDOWS\System32\dcache.bin
[2004/08/04 07:00:00 | 000,000,741 | ---- | C] () -- D:\WINDOWS\System32\noise.dat
[2004/04/14 10:40:32 | 000,001,417 | ---- | C] () -- D:\WINDOWS\System32\WD.ini
[2003/12/15 15:42:52 | 000,000,232 | ---- | C] () -- D:\WINDOWS\SwapDrvrSP3.ini
[2003/12/15 15:42:36 | 000,000,233 | ---- | C] () -- D:\WINDOWS\SwapDrvrSP2.ini
[2003/10/02 01:00:00 | 000,208,896 | ---- | C] () -- D:\WINDOWS\System32\lockout.dll
[2003/10/02 01:00:00 | 000,045,056 | ---- | C] () -- D:\WINDOWS\System32\lockres.dll
[1998/12/08 17:53:58 | 000,116,736 | ---- | C] () -- D:\WINDOWS\System32\PCDLIB32.DLL

[color=#E56717]========== LOP Check ==========[/color]

[2012/02/17 11:31:03 | 000,000,000 | ---D | M] -- D:\Documents and Settings\1Gustavo\Application Data\30E56105-8D4E-4EFE-B61C-1E55A5433C4F
[2009/10/31 22:27:36 | 000,000,000 | ---D | M] -- D:\Documents and Settings\1Gustavo\Application Data\Acapela Group
[2012/02/17 11:05:59 | 000,000,000 | ---D | M] -- D:\Documents and Settings\1Gustavo\Application Data\Acronis
[2011/01/27 17:59:31 | 000,000,000 | ---D | M] -- D:\Documents and Settings\1Gustavo\Application Data\Ahnenblatt
[2010/10/10 11:39:35 | 000,000,000 | ---D | M] -- D:\Documents and Settings\1Gustavo\Application Data\Alien Skin
[2008/07/01 09:11:42 | 000,000,000 | ---D | M] -- D:\Documents and Settings\1Gustavo\Application Data\Blender Foundation
[2009/12/13 18:28:11 | 000,000,000 | ---D | M] -- D:\Documents and Settings\1Gustavo\Application Data\Digidesign
[2012/01/21 09:18:31 | 000,000,000 | ---D | M] -- D:\Documents and Settings\1Gustavo\Application Data\Dropbox
[2008/02/20 21:47:34 | 000,000,000 | ---D | M] -- D:\Documents and Settings\1Gustavo\Application Data\GetRight
[2008/02/21 07:44:26 | 000,000,000 | ---D | M] -- D:\Documents and Settings\1Gustavo\Application Data\GetRightToGo
[2008/03/10 15:11:51 | 000,000,000 | ---D | M] -- D:\Documents and Settings\1Gustavo\Application Data\gtk-2.0
[2009/12/05 17:54:00 | 000,000,000 | ---D | M] -- D:\Documents and Settings\1Gustavo\Application Data\hm8platform
[2008/01/31 18:14:31 | 000,000,000 | ---D | M] -- D:\Documents and Settings\1Gustavo\Application Data\ICAClient
[2008/07/01 11:38:22 | 000,000,000 | ---D | M] -- D:\Documents and Settings\1Gustavo\Application Data\Inspiration Software
[2012/01/13 15:33:21 | 000,000,000 | ---D | M] -- D:\Documents and Settings\1Gustavo\Application Data\Juniper Networks
[2011/01/27 18:24:00 | 000,000,000 | ---D | M] -- D:\Documents and Settings\1Gustavo\Application Data\Lala Music Mover
[2010/07/16 16:45:15 | 000,000,000 | ---D | M] -- D:\Documents and Settings\1Gustavo\Application Data\Leadertech
[2010/07/21 16:50:26 | 000,000,000 | ---D | M] -- D:\Documents and Settings\1Gustavo\Application Data\ManyCam
[2009/03/01 12:20:10 | 000,000,000 | ---D | M] -- D:\Documents and Settings\1Gustavo\Application Data\MyHeritage
[2009/12/11 22:20:37 | 000,000,000 | ---D | M] -- D:\Documents and Settings\1Gustavo\Application Data\NCH Swift Sound
[2008/01/26 15:49:21 | 000,000,000 | ---D | M] -- D:\Documents and Settings\1Gustavo\Application Data\Nvu
[2010/09/08 06:28:51 | 000,000,000 | ---D | M] -- D:\Documents and Settings\1Gustavo\Application Data\OpenOffice.org
[2008/03/20 11:51:12 | 000,000,000 | ---D | M] -- D:\Documents and Settings\1Gustavo\Application Data\Org Professional
[2009/12/13 15:04:57 | 000,000,000 | ---D | M] -- D:\Documents and Settings\1Gustavo\Application Data\PACE Anti-Piracy
[2012/02/17 16:09:59 | 000,000,000 | ---D | M] -- D:\Documents and Settings\1Gustavo\Application Data\QuickScan
[2011/03/26 13:46:01 | 000,000,000 | ---D | M] -- D:\Documents and Settings\1Gustavo\Application Data\Research In Motion
[2012/01/01 19:26:50 | 000,000,000 | -H-D | M] -- D:\Documents and Settings\1Gustavo\Application Data\RPPrivate
[2012/01/11 16:19:10 | 000,000,000 | ---D | M] -- D:\Documents and Settings\1Gustavo\Application Data\Samsung
[2009/07/21 17:53:58 | 000,000,000 | ---D | M] -- D:\Documents and Settings\1Gustavo\Application Data\SnapKast
[2009/12/13 14:08:48 | 000,000,000 | ---D | M] -- D:\Documents and Settings\1Gustavo\Application Data\Structure
[2008/12/17 15:19:14 | 000,000,000 | ---D | M] -- D:\Documents and Settings\1Gustavo\Application Data\System Tweaker
[2010/12/25 15:20:46 | 000,000,000 | ---D | M] -- D:\Documents and Settings\1Gustavo\Application Data\TomTom
[2010/02/18 19:00:33 | 000,000,000 | ---D | M] -- D:\Documents and Settings\1Gustavo\Application Data\Ulead Systems
[2008/12/17 15:10:48 | 000,000,000 | ---D | M] -- D:\Documents and Settings\1Gustavo\Application Data\Uniblue
[2009/07/13 14:01:28 | 000,000,000 | ---D | M] -- D:\Documents and Settings\1Gustavo\Application Data\webex
[2011/07/30 09:47:21 | 000,000,000 | ---D | M] -- D:\Documents and Settings\1Gustavo\Application Data\Windows Desktop Search
[2012/01/23 21:08:58 | 000,000,000 | ---D | M] -- D:\Documents and Settings\1Gustavo\Application Data\Windows Search
[2009/10/31 22:27:45 | 000,000,000 | ---D | M] -- D:\Documents and Settings\1Gustavo\Application Data\Xtranormal
[2012/02/17 11:05:58 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users.WINDOWS\Application Data\Acronis
[2008/07/01 09:11:14 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users.WINDOWS\Application Data\Blender Foundation
[2011/05/16 12:46:30 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users.WINDOWS\Application Data\FileCure
[2009/11/04 17:39:56 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users.WINDOWS\Application Data\Flip Video
[2008/03/08 17:21:10 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users.WINDOWS\Application Data\GetRight
[2009/09/19 11:52:11 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users.WINDOWS\Application Data\GetRightToGo
[2008/01/25 16:08:11 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users.WINDOWS\Application Data\InterVideo
[2012/01/13 15:31:40 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users.WINDOWS\Application Data\Juniper Networks
[2009/01/10 17:45:15 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users.WINDOWS\Application Data\muvee Technologies
[2009/03/01 12:25:59 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users.WINDOWS\Application Data\MyHeritage
[2011/03/05 16:10:05 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users.WINDOWS\Application Data\NCH Swift Sound
[2008/01/21 23:26:35 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users.WINDOWS\Application Data\OLYMPUS
[2009/12/13 15:04:57 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users.WINDOWS\Application Data\PACE Anti-Piracy
[2009/09/24 17:45:24 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users.WINDOWS\Application Data\PCSettings
[2012/02/12 06:08:11 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users.WINDOWS\Application Data\Retrospect
[2012/01/11 16:11:11 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users.WINDOWS\Application Data\Samsung
[2008/01/23 18:07:05 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users.WINDOWS\Application Data\Seagate
[2010/02/18 18:59:41 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users.WINDOWS\Application Data\SmartSound Software Inc
[2011/03/26 13:05:29 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users.WINDOWS\Application Data\Tablet
[2012/02/12 23:05:00 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP
[2010/12/25 15:27:23 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users.WINDOWS\Application Data\TomTom
[2011/03/26 13:56:07 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users.WINDOWS\Application Data\Ulead Systems
[2012/01/09 16:13:55 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users.WINDOWS\Application Data\Western Digital
[2009/02/01 14:03:24 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users.WINDOWS\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[2008/12/17 15:10:19 | 000,000,000 | -H-D | M] -- D:\Documents and Settings\All Users.WINDOWS\Application Data\{B46E1EF5-0B37-4DB4-A4E2-9F2B41036185}
[2012/02/12 23:05:00 | 000,000,254 | ---- | M] () -- D:\WINDOWS\Tasks\NUSchedule.job

[color=#E56717]========== Purity Check ==========[/color]

[color=#E56717]========== Alternate Data Streams ==========[/color]

@Alternate Data Stream - 76 bytes -> D:\Documents and Settings\1Gustavo\My Documents\Ulead VideoStudio:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> D:\Documents and Settings\1Gustavo\My Documents\SPAN 336:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> D:\Documents and Settings\1Gustavo\My Documents\Retrospect Catalog Files:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> D:\Documents and Settings\1Gustavo\My Documents\My Webs:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> D:\Documents and Settings\1Gustavo\My Documents\My Videos:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> D:\Documents and Settings\1Gustavo\My Documents\My FormTool Forms:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> D:\Documents and Settings\1Gustavo\My Documents\HotPotatoes:Roxio EMC Stream
@Alternate Data Stream - 184 bytes -> D:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:D3A96964
@Alternate Data Stream - 180 bytes -> D:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:DA868A70
@Alternate Data Stream - 1512 bytes -> D:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft:Q7Abz9DjFukR9Xe1WEG
@Alternate Data Stream - 1511 bytes -> D:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft:2KQrSCYcI6F9PW5XV4DPYnQe6Z
@Alternate Data Stream - 1368 bytes -> D:\Documents and Settings\1Gustavo\Local Settings\Application Data\oJGxA50O6HnN:eeSe0gjisR9Hvow9surbHxB
@Alternate Data Stream - 1296 bytes -> D:\Program Files\Common Files\System:0qItaC4876ZsWaJlxnL
@Alternate Data Stream - 1271 bytes -> D:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft:TKjTVnyVfcMClvmLo3USazYjrey
@Alternate Data Stream - 1256 bytes -> D:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft:vfKkAgpy1Na8PP9mvg
@Alternate Data Stream - 1251 bytes -> D:\Program Files\Common Files\System:xf3uajAjpZ4lDNvp4H7sn912GN
@Alternate Data Stream - 1244 bytes -> D:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft:zxc1xI1P4INzcPsDhu
@Alternate Data Stream - 1200 bytes -> D:\Program Files\Outlook Express:RiGIYXjREiW8DiCuqREkxx
@Alternate Data Stream - 102 bytes -> D:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:D287FACF
lilhurricane

lilhurricane

Numquam oblita

EXTRAS

OTL Extras logfile created on: 2/17/2012 4:34:26 PM - Run 1
OTL by OldTimer - Version 3.2.32.0 Folder = D:\Documents and Settings\1Gustavo\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.25 Gb Total Physical Memory | 2.30 Gb Available Physical Memory | 70.71% Memory free
4.69 Gb Paging File | 3.49 Gb Available in Paging File | 74.48% Paging File free
Paging file location(s): D:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = D: | %SystemRoot% = D:\WINDOWS | %ProgramFiles% = D:\Program Files
Drive D: | 465.76 Gb Total Space | 325.62 Gb Free Space | 69.91% Space Free | Partition Type: NTFS
Drive E: | 74.51 Gb Total Space | 70.11 Gb Free Space | 94.09% Space Free | Partition Type: FAT32
Drive F: | 12.73 Gb Total Space | 10.37 Gb Free Space | 81.44% Space Free | Partition Type: NTFS
Drive K: | 465.76 Gb Total Space | 106.86 Gb Free Space | 22.94% Space Free | Partition Type: NTFS
Drive M: | 2794.49 Gb Total Space | 2785.72 Gb Free Space | 99.69% Space Free | Partition Type: NTFS

Computer Name: GUSTAVOS | User Name: 1Gustavo | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Extra Registry (SafeList) ==========[/color]

[color=#E56717]========== File Associations ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[color=#E56717]========== Shell Spawning ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "D:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "D:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[color=#E56717]========== Security Center Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[color=#E56717]========== System Restore Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
"DisableSR" = 0
"DisableConfig" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

[color=#E56717]========== Firewall Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
"85:TCP" = 85:TCP:*:Enabled:BroadWave Web Server

[color=#E56717]========== Authorized Applications List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"D:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = D:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Co.)
"D:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = D:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Co.)
"D:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = D:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"D:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe" = D:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe -- ()
"D:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = D:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Co.)
"D:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = D:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
"D:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" = D:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard)
"D:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe" = D:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe -- (Hewlett-Packard Development Co. L.P.)
"D:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe" = D:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe:*:Enabled:hpqsudi.exe -- (Hewlett-Packard Development Co. L.P.)
"D:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe" = D:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe:*:Enabled:hpqpsapp.exe -- (Hewlett-Packard Development Co. L.P.)
"D:\Program Files\HP\Digital Imaging\bin\hpofxs08.exe" = D:\Program Files\HP\Digital Imaging\bin\hpofxs08.exe:*:Enabled:hpofxs08.exe -- (Hewlett-Packard Co.)
"D:\Program Files\HP\Digital Imaging\bin\hpqfxt08.exe" = D:\Program Files\HP\Digital Imaging\bin\hpqfxt08.exe:*:Enabled:hpqfxt08.exe -- (Hewlett-Packard Co.)
"D:\Program Files\HP\Digital Imaging\bin\hpqpse.exe" = D:\Program Files\HP\Digital Imaging\bin\hpqpse.exe:*:Enabled:hpqpse.exe -- (Hewlett-Packard Development Co. L.P.)
"D:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe" = D:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe -- (Hewlett-Packard Co.)
"D:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe" = D:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe:*:Enabled:hpqusgm.exe -- (Hewlett-Packard Co.)
"D:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe" = D:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe:*:Enabled:hpqusgh.exe -- (Hewlett-Packard Co.)
"D:\Program Files\HP\HP Software Update\hpwucli.exe" = D:\Program Files\HP\HP Software Update\hpwucli.exe:*:Enabled:hpwucli.exe -- (Hewlett-Packard)
"D:\Program Files\HP\Digital Imaging\Smart Web Printing\SmartWebPrintExe.exe" = D:\Program Files\HP\Digital Imaging\Smart Web Printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe -- (Hewlett-Packard Co.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"D:\Program Files\Retrospect\Retrospect 7.6\Retrospect.exe" = D:\Program Files\Retrospect\Retrospect 7.6\Retrospect.exe:*:Enabled:Retrospect
"D:\Program Files\Roxio\Easy Media Creator 8\Digital Home\RoxUpnpServer.exe" = D:\Program Files\Roxio\Easy Media Creator 8\Digital Home\RoxUpnpServer.exe:*:Enabled:Roxio Upnp Service -- (Sonic Solutions)
"D:\Program Files\Skype\Plugin Manager\skypePM.exe" = D:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager
"D:\Program Files\Java\jre6\bin\java.exe" = D:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
"D:\Program Files\Roxio\Easy Media Creator 8\Creator Classic\Creator8.exe" = D:\Program Files\Roxio\Easy Media Creator 8\Creator Classic\Creator8.exe:*:Enabled:Creator8 -- (Sonic Solutions)
"D:\Program Files\Common Files\Roxio Shared\SharedCom\RoxUpnpRenderer.exe" = D:\Program Files\Common Files\Roxio Shared\SharedCom\RoxUpnpRenderer.exe:*:Enabled:Roxio UPnP Renderer Service -- (Sonic Solutions)
"L:\setup\HPZNUI01.EXE" = L:\setup\HPZNUI01.EXE:*:Enabled:hpznui01.exe
"L:\setup\HPONICIFS01.EXE" = L:\setup\HPONICIFS01.EXE:*:Enabled:hponicifs01.exe
"D:\Program Files\Logitech\Vid\Vid.exe" = D:\Program Files\Logitech\Vid\Vid.exe:*:Enabled:Logitech Vid HD -- (Logitech Inc.)
"D:\Documents and Settings\1Gustavo\Application Data\Dropbox\bin\Dropbox.exe" = D:\Documents and Settings\1Gustavo\Application Data\Dropbox\bin\Dropbox.exe:*:Enabled:Dropbox -- (Dropbox, Inc.)
"D:\Program Files\Retrospect\Retrospect 7.7\Retrospect.exe" = D:\Program Files\Retrospect\Retrospect 7.7\Retrospect.exe:*:Enabled:Retrospect -- (Sonic Solutions)
"D:\Program Files\Samsung\Samsung New PC Studio\npsasvr.exe" = D:\Program Files\Samsung\Samsung New PC Studio\npsasvr.exe:*:Enabled:KTF MUSIC AoD Server -- (PeeringPortal)
"D:\Program Files\Samsung\Samsung New PC Studio\npsvsvr.exe" = D:\Program Files\Samsung\Samsung New PC Studio\npsvsvr.exe:*:Enabled:KTF MUSIC VoD Server -- (PeeringPortal)
"D:\WINDOWS\system32\muzapp.exe" = D:\WINDOWS\system32\muzapp.exe:*:Enabled:MUZ AOD APP player -- (Musiccity Co.Ltd.)
"D:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = D:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Co.)
"D:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = D:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Co.)
"D:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = D:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"D:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe" = D:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe -- ()
"D:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = D:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Co.)
"D:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = D:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
"D:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" = D:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard)
"D:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe" = D:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe -- (Hewlett-Packard Development Co. L.P.)
"D:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe" = D:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe:*:Enabled:hpqsudi.exe -- (Hewlett-Packard Development Co. L.P.)
"D:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe" = D:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe:*:Enabled:hpqpsapp.exe -- (Hewlett-Packard Development Co. L.P.)
"D:\Program Files\HP\Digital Imaging\bin\hpofxs08.exe" = D:\Program Files\HP\Digital Imaging\bin\hpofxs08.exe:*:Enabled:hpofxs08.exe -- (Hewlett-Packard Co.)
"D:\Program Files\HP\Digital Imaging\bin\hpqfxt08.exe" = D:\Program Files\HP\Digital Imaging\bin\hpqfxt08.exe:*:Enabled:hpqfxt08.exe -- (Hewlett-Packard Co.)
"D:\Program Files\HP\Digital Imaging\bin\hpqpse.exe" = D:\Program Files\HP\Digital Imaging\bin\hpqpse.exe:*:Enabled:hpqpse.exe -- (Hewlett-Packard Development Co. L.P.)
"D:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe" = D:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe -- (Hewlett-Packard Co.)
"D:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe" = D:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe:*:Enabled:hpqusgm.exe -- (Hewlett-Packard Co.)
"D:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe" = D:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe:*:Enabled:hpqusgh.exe -- (Hewlett-Packard Co.)
"D:\Program Files\HP\HP Software Update\hpwucli.exe" = D:\Program Files\HP\HP Software Update\hpwucli.exe:*:Enabled:hpwucli.exe -- (Hewlett-Packard)
"D:\Program Files\HP\Digital Imaging\Smart Web Printing\SmartWebPrintExe.exe" = D:\Program Files\HP\Digital Imaging\Smart Web Printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe -- (Hewlett-Packard Co.)
"D:\Program Files\Common Files\Acronis\SyncAgent\syncagentsrv.exe" = D:\Program Files\Common Files\Acronis\SyncAgent\syncagentsrv.exe:*:Enabled:Acronis Sync Agent Service -- (Acronis)

[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{F072CA07-A781-45E4-9975-C033A73019CF}" = Corel VideoStudio Pro X3
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{06968636-3053-3474-9AF4-CC363F7C41C0}" = Strawberry Perl
"{07B3B42B-18C1-4CA7-AFFB-2B0313BBFB7C}_is1" = Vizacc HelpMaker 7.4.4 (remove only)
"{07D4A7C5-C55C-45B5-9E86-D8068D25EF40}" = Fast Track
"{08610298-29AE-445B-B37D-EFBE05802967}" = LWS Pictures And Video
"{09C6A4C7-A2D2-1DD9-A81C-44C30042A00C}" = CCC Help Greek
"{0A173336-214D-0609-4897-5E2547D0395D}" = CCC Help Dutch
"{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}" = WD Diagnostics
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{10E78E61-CCB0-4E35-B216-763992F50409}" = Xtranormal State - Voicepack-English-US-Samantha
"{138A4072-9E64-46BD-B5F9-DB2BB395391F}" = LWS VideoEffects
"{15262012-213A-4f65-9019-C8A409EC0156}" = HP Officejet J6400 Series
"{1551F75D-F27A-490A-8E5C-36DB06F0C453}" = Xtranormal State - Voicepack-English-US-Tom
"{15634701-BACE-4449-8B25-1567DA8C9FD3}" = CameraHelperMsi
"{1651216E-E7AD-4250-92A1-FB8ED61391C9}" = LWS Help_main
"{174A3B31-4C43-43DD-866F-73C9DB887B48}" = LWS Twitter
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{18669FF9-C8FE-407a-9F70-E674896B1DB4}" = GPBaseService
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1B9E212F-DFDC-F1D4-D1FD-986149513125}" = CCC Help Russian
"{1CAEFAE2-D12E-CA26-62BC-DF452004B3B1}" = CCC Help Swedish
"{1D9B2B74-82B1-9CE7-0A9A-6234008D11EE}" = CCC Help Polish
"{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime
"{21A2F5EE-1DC5-488A-BE7E-E526F8C61488}" = DeviceDiscovery
"{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}" = LWS YouTube Plugin
"{2254E64C-D2B1-4478-BD7E-37457D09FF39}" = QuickLink Desktop
"{251554D7-F631-4CB3-8A81-12271E3678F1}" = Easy Grade Pro
"{25613C10-27D2-410B-942B-D922D5C3A7BE}" = Interlok driver setup x32
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 24
"{279D3818-7287-4ab4-A927-542EBEA9E365}" = ProductContext
"{28379381-B56A-43e1-B505-3098D82B1C30}" = 4500G510gm_Software_Min
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2A1E27FF-BE53-45B4-950F-060236E98E3D}" = TMPGEnc Plus 2.5
"{2C0A655C-61E7-428A-8ED2-23A3D20E7DD2}" = Data Lifeguard Tools
"{2ECA81CA-D932-4AD3-AD59-BF5CCF099C83}" = Catalyst Control Center - Branding
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{2F8BA3FD-1FA9-4279-B696-712ABB12F09F}" = SmartSound Quicktracks 5
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{30BB4D60-81DB-11D5-BB77-00400536ABAC}" = OLYMPUS CAMEDIA Master 4.3
"{3248F0A8-6813-11D6-A77B-00B0D0160040}" = Java(TM) 6 Update 4
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{329B7564-7E13-4A70-BC2B-F9870C82AAB6}" = Roxio Content 8
"{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{353B1E6D-7073-4450-8C80-699BD8FCFB49}" = MTP Porting Kit
"{3700194C-C5DD-439A-BE06-A66960CA4C70}" = MSVCSetup
"{380CC749-8C28-4C74-BE01-45921D062302}" = BPDSoftware_Ini
"{3BE480ED-E17A-431A-981C-5C2EDDBCD3BF}" = Macromedia Flash MX
"{3D1B20A6-E31D-4BB5-BC5C-DDD3B0D91728}" = Intel Audio Studio 2.0
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
"{3F70FB44-FD00-4ED2-9154-661AA9DB0B28}" = WD Media Center Driver
"{40399AFE-1B78-4617-A785-73A640132F99}" = Xtranormal State - Voicepack-English-UK-Daniel
"{406AE7DC-5FD1-FC3A-00F5-024AD25DF01B}" = CCC Help Danish
"{41853D20-40CC-4266-978D-F128BB97CA96}" = 6400_Help
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{440B915A-0C85-45DB-92AE-75AE14704A64}" = Fax
"{47A0C382-35D7-4A3A-B9AF-B2D38827A8A7}" = Acronis True Image Home 2012
"{47A0C382-35D7-4A3A-B9AF-B2D38827A8A7}Visible" = Acronis True Image Home 2012
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4A742CBE-078E-03FF-C7D5-B3E1B676BDF2}" = CCC Help Czech
"{4B6DD00B-BC05-185B-BE8B-997A23B367C4}" = CCC Help Chinese Traditional
"{4F589FB5-02B8-43DD-8061-C6DADDE5775C}" = 3114 SATARAID5
"{4FBCEA31-5D18-4212-9231-DE7CF1BE7DBB}" = Logitech Vid
"{50206644-C226-498D-8273-9F5F300807E2}_is1" = NeoPaint 4.7a
"{521AAD14-5030-44BB-8B0E-5CE65FCE57E0}" = InterVideo DeviceService
"{556F2137-B772-43BB-9A45-E0275234DD16}" = Free Notes & Office Ink
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5BB4D7C1-52F2-4BFD-9E40-0D419E2E3021}" = bpd_scan
"{5D934326-165A-413b-B056-26BE1EC082AF}" = J6400
"{5F1AE198-965A-C65D-218A-B76F19B86BEC}" = CCC Help German
"{5FEEB4D3-31F1-FF10-5F61-A988CD44CA59}" = CCC Help Hungarian
"{62C2306F-8B71-453E-8996-3A5BFE2593BB}" = M-Audio Micro Driver 2.0.1 (x86)
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{651CD0A0-8B64-B3F1-23B9-294C39F09A31}" = CCC Help Finnish
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{68A10D12-0D0F-4212-BDE6-D87FAD32A8FA}" = SmartWebPrinting
"{6ADD0603-16EF-400D-9F9E-486432835002}" = OpenOffice.org 3.2
"{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{6CCC133E-9A2F-4CAA-8866-75D029CD3AB3}" = Digital Voice Editor 3
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}" = LWS Gallery
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7148F0A8-6813-11D6-A77B-00B0D0142040}" = Java 2 Runtime Environment, SE v1.4.2_04
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{71E66D3F-A009-44AB-8784-75E2819BA4BA}" = LWS Motion Detection
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77514C51-66D9-2F7C-56D8-5495B8CFAF5E}" = CCC Help French
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{792A669E-71A6-9210-2C06-3FCF0DDFC4C5}" = Catalyst Control Center Localization All
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX
"{82CA0A0C-A3EC-4167-B694-909205B2EDEC}" = muvee Plugin 1.0
"{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}" = LWS Launcher
"{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert
"{85C8D391-0EAE-4492-8A0A-2EE8B0B6DA03}" = BPDSoftware
"{860BD052-49CB-7220-8792-15523D08C2A2}" = CCC Help Korean
"{868901EE-7807-4F89-A134-7C705D34F91F}" = Roxio Easy Media Creator 8 Suite
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{8937D274-C281-42E4-8CDB-A0B2DF979189}" = LWS Webcam Software
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A85DEAD-7C1F-4368-881C-72AC74CB2E91}" = UnloadSupport
"{8B4AB829-DFD3-436D-B808-D9733D76C590}" = Macromedia Dreamweaver MX
"{8B4AE751-7055-4518-87B0-E148A8D50D0A}" = Macromedia FreeHand MX
"{8C93615B-5333-B61B-625E-0D4DCD9E09CA}" = CCC Help Norwegian
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISER_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}_XWeb_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISER_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}_XWeb_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISER_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}_XWeb_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0045-0000-0000-0000000FF1CE}" = Microsoft Expression Web 2
"{90120000-0045-0000-0000-0000000FF1CE}_XWeb_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0045-0409-0000-0000000FF1CE}" = Microsoft Expression Web 2 MUI (English)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}_XWeb_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00B2-0409-0000-0000000FF1CE}" = Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}_XWeb_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage
"{91120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{92A51949-EE4C-466D-AAF0-99E74A49A63F}" = DocMgr
"{930B2432-43D4-11D5-9871-00C04F8EEB39}" = Macromedia Fireworks MX
"{981F1A21-7764-417F-90C3-795ABDCEF496}" = M-Audio Producer Driver 2.0.1 (x86)
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc
"{9BD91669-25C9-43CD-9367-BF60591B837B}" = Camedia Master 4.3
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C2B41C5-919A-7037-F5E8-42A5E90873B8}" = Catalyst Control Center Graphics Previews Common
"{9DAEA76B-E50F-4272-A595-0124E826553D}" = LWS WLM Plugin
"{A25FF1C0-80B6-4B8B-A551-DC525697A408}" = AMD APP SDK Runtime
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{A48E4951-D8E9-4FDF-82EF-46FB1C953F3E}" = Intel Audio Studio 2.0
"{A5BA14E0-7384-11D4-BAE7-00409631A2C8}" = Macromedia Extension Manager
"{A6991E11-AF13-652B-5736-C8800EF5527B}" = Catalyst Control Center
"{A80FA752-C491-4ED9-ABF0-4278563160B2}" = 32 Bit HP CIO Components Installer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{ABDDCBF9-D934-48B7-B09A-D208D6C4A2D6}" = Xtranormal State - Voicepack-English-UK-Serena
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.2)
"{AC76D478-1033-0000-3478-000000000001}" = Adobe Acrobat Distiller 6.0
"{ADD24D05-DDEA-39CB-0E92-AA371AEE2894}" = Catalyst Control Center InstallProxy
"{AE8705FB-E13C-40A9-8A2D-68D6733FBFC2}" = Status
"{B111977A-E61A-4EA3-9F19-605E69C06D14}_is1" = NeoBook 5.6.1
"{B1B99F39-0A1C-4790-A0C8-73537CF8CEDB}" = Easy Grade Pro
"{B2420CAA-ADC1-8581-938A-2B25C22EF17A}" = ccc-utility
"{B2455727-ED8F-4643-8A6E-F4AB8DE3633D}" = Network
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B5C314F7-928B-44E3-A8A3-169648B1077D}" = Xtranormal State - SoundPack-Starter Kit
"{B6300A7D-C1B6-4A25-861D-4AED96202FCD}" = Readiris Pro 10
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B81D9181-67D7-6A90-78EA-34108EBBCF7F}" = CCC Help Thai
"{B8A2869E-30CA-40C5-9CF8-BD7354E57EF8}" = SmartSound Common Data
"{BA314F9D-8401-1E44-11BF-F112E93F465E}" = CCC Help English
"{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}" = HP Photosmart Essential 2.5
"{BC3804E5-77CC-47A0-8BD5-797355A26BA3}" = WD SmartWare
"{BCE72AED-3332-4863-9567-C5DCB9052CA2}" = Netflix Movie Viewer
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{BE0D4271-69C9-4f28-AD9B-BB33D126A30E}" = 4500G510gm
"{BEB0B424-3692-E0DC-8D25-04A36C7AB580}" = CCC Help Portuguese
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C4186C0D-FB9F-5D83-21FB-A737A13EFAE6}" = AMD Catalyst Install Manager
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C4574477-C9FA-CF5F-B5AC-D379D655A962}" = CCC Help Chinese Standard
"{CBA4DD0F-0871-39EB-A48B-03BC9E5E437B}" = CCC Help Japanese
"{CCF6F57B-F6B4-4508-BF45-63AAC9DE416A}" = Quicken 2010
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D40EB009-0499-459c-A8AF-C9C110766215}" = Logitech Webcam Software
"{D491FEB0-3D6A-49DE-8C97-8D4D0036E07E}" = WebEx Meeting Manager for Firefox/Netscape/Chrome
"{D648787C-3738-424C-AF24-EB4EA008473F}" = Retrospect 7.7
"{D7ADCF9A-1F30-4ECE-B40E-A155DEAD0FCD}" = Xtranormal State
"{D8E363A7-88B7-446D-B2C0-E26CE4DC8E54}" = U3Launcher
"{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}" = AnswerWorks 5.0 English Runtime
"{DC0A5F99-FD66-433F-9D3A-05DCBA64BE42}" = TrayApp
"{DC24971E-1946-445D-8A82-CE685433FA7D}" =
"{DE0C72A8-B4A3-4B80-3CF9-2DC45CF865D5}" = CCC Help Spanish
"{DE958AD2-6235-45E6-AB3A-26FA5C7A9B0F}_is1" = NeoBookDBPro 1.1e
"{DF0B357C-5874-47D0-81E7-79AA890B0CE0}" = 4500_G510gm_Help
"{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E40CE517-0D42-4198-96B4-C8232B257EB5}" = Data Lifeguard Diagnostic for Windows
"{E5083D57-D93F-404C-A91F-1C50D67C2BEB}" = HP Officejet 4500 G510g-m
"{E5B2C34F-BEDE-5AF8-DBD3-C05E8C030588}" = CCC Help Italian
"{E63E34A7-E552-412B-9E40-FD6FC5227ABA}" = Uniblue RegistryBooster 2009
"{E6C48B74-26ED-4EF8-A04C-42AFDE5E1CA3}" = Intel(R) PRO Network Connections
"{EE89B00E-5295-4C01-887A-311DD090F71B}" = Xtranormal State - Showpak-Playgoz-Preview
"{EED027B7-0DB6-404B-8F45-6DFEE34A0441}" = LWS Video Mask Maker
"{F069C491-69E6-4D9B-9A0C-B7894A1FA97C}" = Setup
"{F072CA07-A781-45E4-9975-C033A73019CF}" = ICA
"{F0A6D1C4-7E73-963B-C4C6-C97121B1992B}" = CCC Help Turkish
"{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"{F206FEC3-F5DD-43FD-A8CF-9C46B8A6A92C}" = VSPro
"{F4E9851F-765E-40B7-9859-237C2724E62C}" = DeviceIO
"{F5C63795-2708-4D15-BF18-5ABBFF7DFFC8}" = iTunes
"{F6A76E9C-C299-4CFA-AD2A-57FE9DD68B70}" = Contents
"{F7F23DFB-31E1-B7EC-7A6D-7668B595ADAE}" = FlipShare
"{F8423392-2296-4748-9B66-344432459632}" = PureHD
"{F909BD3C-8684-4ACF-B7C3-33F4F9F901B7}" = Share
"{F95C8C1F-25BB-44EC-A7E6-5C17ABC6BC71}" = VIO
"{F99F9E24-EE2F-47FD-AEB0-FDB82859B5C9}" = VideoStudio
"{FB0B6DDD-DF3E-4CD6-927C-724AB854E322}" = VSClassic
"{FD67D9F3-FED6-4A2E-9D6C-8C8C44DEF8FF}" = IPM_VS_Pro
"{FE8CD9C9-7650-4B8D-928A-85D6CAB6CA59}" = Digidesign Pro Tools M-Powered Essential 8.0.2
"{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}" = LWS Facebook
"3ivx MPEG-4 5.0.3" = 3ivx MPEG-4 5.0.3 (remove only)
"ActiveTouchMeetingClient" = WebEx
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe PageMaker 7.0" = Adobe PageMaker 7.0
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Adobe Type Manager 4.1" = Adobe Type Manager 4.1
"Audacity_is1" = Audacity 1.2.5
"AURC_is1" = Audacity Recovery Utility
"B991B020-2968-11D8-AF23-444553540000_is1" = FreeMind
"Blender" = Blender (remove only)
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Editors Toolbox for NeoBook" = Editors Toolbox for NeoBook
"ENTERPRISER" = Microsoft Office Enterprise 2007
"Finale NotePad 2008" = Finale NotePad 2008
"GetRight_is1" = GetRight
"hotpot6_is1" = Hot Potatoes v 6.0.4.27
"HP Document Manager" = HP Document Manager 2.0
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Photosmart Essential" = HP Photosmart Essential 2.5
"HP Smart Web Printing" = HP Smart Web Printing 4.5
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"HPOCR" = OCR Software by I.R.I.S. 13.0
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"IHMC CmapTools v4.09" = IHMC CmapTools v4.09
"Inspiration 8" = Inspiration 8
"InstallShield_{2A1E27FF-BE53-45B4-950F-060236E98E3D}" = TMPGEnc Plus 2.5
"InstallShield_{2F8BA3FD-1FA9-4279-B696-712ABB12F09F}" = SmartSound Quicktracks 5
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"InstallShield_{B8A2869E-30CA-40C5-9CF8-BD7354E57EF8}" = SmartSound Common Data
"InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"InstallShield_{F99F9E24-EE2F-47FD-AEB0-FDB82859B5C9}" = Ulead VideoStudio 11
"Juniper Network Connect 7.1.0" = Juniper Networks Network Connect 7.1.0
"Juniper_Setup_Client Activex Control" = Juniper Networks, Inc. Setup Client Activex Control
"Macromedia Director 7" = Macromedia Director 7
"Macromedia Shockwave Player" = Macromedia Shockwave Player
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.1.1000
"ManyCam" = ManyCam 2.5.48 (remove only)
"MetaFrame Presentation Server Web Client for Win32" = MetaFrame Presentation Server Web Client for Win32
"Micrografx Designer 7" = Micrografx Designer 7
"Micrografx FlowCharter 7" = Micrografx FlowCharter 7
"Micrografx Graphics Suite 2 Enterprise" = Micrografx Graphics Suite 2 Enterprise
"Micrografx Picture Publisher 7" = Micrografx Picture Publisher 7
"Micrografx QuickVector" = Micrografx QuickVector
"Micrografx Simply 3D 2" = Micrografx Simply 3D 2
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MixPad" = MixPad Audio Mixer
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSTTS" = Microsoft Text-to-Speech Engine 4.0 (English)
"MVApplication1" = Memorex exPressit Label Design Studio
"N360" = Norton 360
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Norton Utilities 15_is1" = Norton Utilities 15
"Oral Testing Software Enhanced" = Oral Testing Software Enhanced
"Pensoft Pro" = Pensoft Pro
"ProcessScanner_is1" = Uniblue ProcessScanner
"quandary2_is1" = Quandary version 2.2.0.2
"Quicken WillMaker Plus 2008" = Quicken WillMaker Plus 2008
"RealPlayer 15.0" = RealPlayer
"Rmtablet" = Pen Pad Driver with Macro Key Manager
"R-Studio 3.8NSIS" = R-Studio 3.8
"Shop for HP Supplies" = Shop for HP Supplies
"SnapKast Media Center_is1" = SnapKast Media Center 2.2 (1Gustavo)
"ST6UNST #1" = MetaVox V3
"System Tweaker_is1" = Uniblue System Tweaker
"Teacher's Toolbox 3.0" = Teacher's Toolbox 3.0
"TexToys3_is1" = TexToys v 3.1.0.7
"TomTom HOME" = TomTom HOME 2.8.2.2264
"Uniblue RegistryBooster 2009" = Uniblue RegistryBooster 2009
"VLC media player" = VLC media player 1.1.11
"WavePad" = WavePad Sound Editor
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinGimp-2.0_is1" = GIMP 2.4.5
"winusb0100" = Microsoft WinUsb 1.0
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"XWeb" = Microsoft Expression Web 2
"Yahoo! Companion" = Yahoo! Toolbar

[color=#E56717]========== HKEY_CURRENT_USER Uninstall List ==========[/color]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"f031ef6ac137efc5" = Dell Driver Download Manager
"Juniper_Setup_Client" = Juniper Networks, Inc. Setup Client

[color=#E56717]========== Last 10 Event Log Errors ==========[/color]

[ Application Events ]
Error - 2/9/2012 10:23:53 PM | Computer Name = GUSTAVOS | Source = Application Error | ID = 1000
Description = Faulting application WDFME.exe, version 1.4.5.2, faulting module msvcr90.dll,
version 9.0.30729.6161, fault address 0x0006ccd5.

Error - 2/9/2012 11:54:40 PM | Computer Name = GUSTAVOS | Source = MsiInstaller | ID = 11905
Description = Product: DocMgr -- Error 1905. Module D:\Program Files\HP\Digital
Imaging\help\hpqdummy.dll failed to unregister. HRESULT -2147220472. Contact your
support personnel.

Error - 2/10/2012 12:06:37 AM | Computer Name = GUSTAVOS | Source = Windows Search Service | ID = 3024
Description = The update cannot be started because the content sources cannot be
accessed. Fix the errors and try the update again. Context: Application, SystemIndex
Catalog

Error - 2/14/2012 11:55:46 AM | Computer Name = GUSTAVOS | Source = Windows Search Service | ID = 3038
Description = The gatherer is unable to read the registry DocIdMapFile. Context:
Application, SystemIndex Catalog Details: The system cannot find the file specified.
(0x80070002)

Error - 2/14/2012 11:55:54 AM | Computer Name = GUSTAVOS | Source = Windows Search Service | ID = 3028
Description = The gatherer object cannot be initialized. Context: Windows Application,
SystemIndex Catalog Details: The registry value cannot be read because the configuration
is invalid. Recreate the content index configuration by removing the content index.
(0x80040d03)

Error - 2/14/2012 11:55:54 AM | Computer Name = GUSTAVOS | Source = Windows Search Service | ID = 3058
Description = The application cannot be initialized. Context: Windows Application

Details:
The
registry value cannot be read because the configuration is invalid. Recreate the
content index configuration by removing the content index. (0x80040d03)

Error - 2/17/2012 11:48:32 AM | Computer Name = GUSTAVOS | Source = ESENT | ID = 489
Description = wuauclt (5932) An attempt to open the file "D:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log"
for read only access failed with system error 32 (0x00000020): "The process cannot
access the file because it is being used by another process. ". The open file
operation will fail with error -1032 (0xfffffbf8).

Error - 2/17/2012 11:48:32 AM | Computer Name = GUSTAVOS | Source = ESENT | ID = 455
Description = wuaueng.dll (5932) SUS20ClientDataStore: Error -1032 (0xfffffbf8)
occurred while opening logfile D:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log.

Error - 2/17/2012 11:48:46 AM | Computer Name = GUSTAVOS | Source = ESENT | ID = 489
Description = wuauclt (5932) An attempt to open the file "D:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log"
for read only access failed with system error 32 (0x00000020): "The process cannot
access the file because it is being used by another process. ". The open file
operation will fail with error -1032 (0xfffffbf8).

Error - 2/17/2012 11:48:46 AM | Computer Name = GUSTAVOS | Source = ESENT | ID = 455
Description = wuaueng.dll (5932) SUS20ClientDataStore: Error -1032 (0xfffffbf8)
occurred while opening logfile D:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log.

[ OSession Events ]
Error - 1/30/2008 4:03:52 PM | Computer Name = GUSTAVOS | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 617
seconds with 240 seconds of active time. This session ended with a crash.

Error - 11/6/2008 10:53:03 PM | Computer Name = GUSTAVOS | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6316.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 18610
seconds with 960 seconds of active time. This session ended with a crash.

Error - 12/29/2008 10:20:28 AM | Computer Name = GUSTAVOS | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6316.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 37
seconds with 0 seconds of active time. This session ended with a crash.

Error - 5/9/2009 12:00:32 PM | Computer Name = GUSTAVOS | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6331.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 17070
seconds with 2160 seconds of active time. This session ended with a crash.

Error - 10/13/2009 9:21:11 PM | Computer Name = GUSTAVOS | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 30605
seconds with 10860 seconds of active time. This session ended with a crash.

Error - 12/29/2009 8:46:12 AM | Computer Name = GUSTAVOS | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 172
seconds with 120 seconds of active time. This session ended with a crash.

Error - 5/6/2010 9:58:18 PM | Computer Name = GUSTAVOS | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 15
seconds with 0 seconds of active time. This session ended with a crash.

Error - 12/19/2010 12:49:35 AM | Computer Name = GUSTAVOS | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 34629
seconds with 60 seconds of active time. This session ended with a crash.

Error - 12/20/2010 1:29:11 PM | Computer Name = GUSTAVOS | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 13019
seconds with 0 seconds of active time. This session ended with a crash.

Error - 1/14/2012 10:17:35 PM | Computer Name = GUSTAVOS | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 17396
seconds with 5460 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 2/17/2012 1:04:38 PM | Computer Name = GUSTAVOS | Source = Service Control Manager | ID = 7034
Description = The WDDMService service terminated unexpectedly. It has done this
1 time(s).

Error - 2/17/2012 1:04:38 PM | Computer Name = GUSTAVOS | Source = Service Control Manager | ID = 7034
Description = The Ulead Burning Helper service terminated unexpectedly. It has
done this 1 time(s).

Error - 2/17/2012 1:04:38 PM | Computer Name = GUSTAVOS | Source = Service Control Manager | ID = 7034
Description = The WD File Management Engine service terminated unexpectedly. It
has done this 1 time(s).

Error - 2/17/2012 1:04:38 PM | Computer Name = GUSTAVOS | Source = Service Control Manager | ID = 7034
Description = The WD File Management Shadow Engine service terminated unexpectedly.
It has done this 1 time(s).

Error - 2/17/2012 1:04:38 PM | Computer Name = GUSTAVOS | Source = Service Control Manager | ID = 7034
Description = The WTService service terminated unexpectedly. It has done this 1
time(s).

Error - 2/17/2012 1:04:41 PM | Computer Name = GUSTAVOS | Source = Service Control Manager | ID = 7034
Description = The Acronis Scheduler2 Service service terminated unexpectedly. It
has done this 1 time(s).

Error - 2/17/2012 1:04:41 PM | Computer Name = GUSTAVOS | Source = Service Control Manager | ID = 7034
Description = The Acronis Nonstop Backup Service service terminated unexpectedly.
It has done this 1 time(s).

Error - 2/17/2012 1:04:41 PM | Computer Name = GUSTAVOS | Source = Service Control Manager | ID = 7031
Description = The Acronis Sync Agent Service service terminated unexpectedly. It
has done this 1 time(s). The following corrective action will be taken in 10000
milliseconds: Restart the service.

Error - 2/17/2012 1:24:34 PM | Computer Name = GUSTAVOS | Source = NetBT | ID = 4321
Description = The name "WORKGROUP :1d" could not be registered on the Interface
with IP address 192.168.1.21. The machine with the IP address 192.168.1.1 did not
allow the name to be claimed by this machine.

Error - 2/17/2012 1:25:02 PM | Computer Name = GUSTAVOS | Source = NetBT | ID = 4321
Description = The name "WORKGROUP :1d" could not be registered on the Interface
with IP address 192.168.1.21. The machine with the IP address 192.168.1.1 did not
allow the name to be claimed by this machine.
lilhurricane

lilhurricane

Numquam oblita

Sec Check

Results of screen317's Security Check version 0.99.31
Windows XP Service Pack 3 x86
Internet Explorer 7 [color=red]Out of date![/color]
``````````````````````````````
[u]Antivirus/Firewall Check:[/u]

Norton 360
[size=1]WMI entry may not exist for antivirus; attempting automatic update.[/size]
```````````````````````````````
[u]Anti-malware/Other Utilities Check:[/u]

Java(TM) 6 Update 24
Java(TM) 6 Update 4
Java(TM) 6 Update 5
Java(TM) 6 Update 7
Java 2 Runtime Environment, SE v1.4.2_04
[color=red]Java version out of date![/color]
Adobe Flash Player 11.1.102.55
Adobe Reader X (10.1.2)
````````````````````````````````
Process Check:
[u]objlist.exe by Laurent[/u]

Norton ccSvcHst.exe
Malwarebytes' Anti-Malware mbamservice.exe
Malwarebytes' Anti-Malware mbamgui.exe
``````````End of Log````````````

LoPhatPhuud
MVM
join:2002-01-06
Albuquerque, NM

1 recommendation

LoPhatPhuud to GMLUSA

MVM

to GMLUSA

Re: [Malware] Computer stops obeying the mouse but drives spin l

Download and run Sophos AntiRootkit. Post the log in this thread, even if nothing is found.

You find link(s) and instructions here:
»Security Cleanup FAQ »Rootkit Detection Applications
Expand your moderator at work